Apple’s weakened iOS 10 backups expose your iPhone to password hackers
It is always a good idea to have a backup of your files and data, in the event something goes wrong. However, this backup data could be vulnerable to hackers or thieves and they could access it to steal sensitive information if your backup is not secure.
Apple Inc.’s latest iOS 10 release appears to have accidentally reduced the security of the iPhone, thereby allowing unauthorized access to local backups, according to Forbes.
Russian password-retrieval company Elcomsoft first discovered that local back-ups now use a different password security mechanism that avoids certain security checks. Apple has implemented a password verification system for iOS 10 backups to iTunes on Mac and Windows PCs that makes brute-force attacks possible, and these backups are now 2,500 times weaker against password crackers than those of previous versions of iOS.
“We discovered an alternative password verification mechanism added to iOS 10 backups. We looked into it and found out that the new mechanism skips certain security checks, allowing us to try passwords approximately 2500 times faster compared to the old mechanism used in iOS 9 and older,” Elcomsoft’s Oleg Afonin wrote in a blog post.
An attacker who can crack the password a user chose for an iOS 10 backup would not only expose the backed-up data and content but could also infiltrate Apple’s Keychain password manager, a digital vault where passwords and other authentication data are stored for Safari, credit-card data, and third-party apps.
However, the flaw relates only to manual iPhone and iPad backups that users start via iTunes and not through Apple’s cloud-based repository iCloud.
In the meantime, Apple issued a statement to Forbes, in which it said: “We’re aware of an issue that affects the encryption strength for back-ups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update.
“This does not affect iCloud back-ups. We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorised users. Additional security is also available with FileVault whole disk encryption.”
At this moment, it is advisable to stay away from upgrading the iPhone’s OS to iOS 10 till the issue is resolved.