Apple's newly launched iOS 10 comes with a serious design defect that leaves its password-protected backups vulnerable to cracking.
Apple iOS 10 Backups' Security Flaw
According to Business Insider, digital security experts have found that it is very easy to crack iOS 10's password-protected backups. Professional iPhone hackers such as Moscow-based ElcomSoft discovered the flaw in iOS 10 security, which centers on local password-protected iTunes backups. The discovery was announced by Elcomsoft's Oleg Afonin in a blog post on Friday, Sept. 23.
ElcomSoft is a well-known Russian forensics company. Its tool kit is believed to have been used by hackers involved in the celebrities' nude pictures scandal in 2014. The company makes money by selling hacking tools that can break into iPhones and root around a target's device. ElcomSoft started probing iOS 10's security as soon as the operating system was out on the market.
Forbes reports that in iOS 10, password-protected iTunes backups now have a weak secondary security mechanism that unfortunately "skips certain security checks." This security gap makes it easier to launch a brute-force attack, which tests different passwords until it identifies the correct one.
According to security experts at ElcomSoft, backup passwords in iOS 10 could potentially be guessed 40 times faster using CPU acceleration than in iOS 9, and even 2,500 times faster in iOS 10 than in iOS 9 when using Intel i5 CPUs for cracking efforts.
ElcomSoft believes that its tools can successfully find the right password in iOS 10 backups at a rate of 80 to 90 percent. The tools the company sells can be bought by anyone.
According to Elcomsoft CEO Vladimir Katalov, Apple has used the more secure version of storing passwords going back to iOS 4. For his part, password security expert Per Thorsheim explained in a blog post on Peerlyst that Apple now uses a weaker version of the hashing algorithm for local iPhone file backups stored on PCs.