Apple is currently working on a fix to address the iOS 10 security breach issue tied up to Apple device backups. (Photo : Getty Images/Justin Sullivan)
Apple has rolled out several iOS 10 updates recently, though they may have overlooked the security levels tied up to the backups. All of this was revealed by Russian company Elcomsoft who singled out weaker encryption on the password-protected backups.
As mentioned in a previous post here on Yibada, Apple rolled out iOS 10.0.2 meant to address audio tied up to making and taking calls on the iPhone 7. It should be noted that the security fixes included were minor, though Elcomsoft’s discovery may force the Cupertino-based company to come up with another update soon.
The security flaw lies in the local backups of devices running on iOS, with the Russian firm noticing weaker encryption on the password-protected backups, the Elcomsoft blog reported. This means that hackers will have a relatively easier time accessing them which Apple will have to address.
Oleg Alfonin explained the vulnerability though he did not elaborate on the security checks that could be bypassed. Just the same, it does become a cause for concern seeing how backups contain important data and information as well.
"The attack itself is only available for iOS 10 backups. Interestingly, the 'new' password verification method exists in parallel with the 'old' method, which continues to work with the same slow speeds as before."
The weaker encryption comes as a surprise considering Apple has been known to implement strong encryption on devices. The traditional way to hack in is through password guessing, the frequency of which was notably different.
Afonin notes that Apple may have done away with the two-factor authentication that atoned for their software to guess passwords faster. Their software was able to guess passwords for iOS 9 at 150,000 passwords per second with GPU compared to the iOS 10 which managed to guess six million passwords per second.
Apple acknowledges the iOS 10 backup vulnerability and is working on a fix likely to be included in their next iOS 10 updates, PC Mag reported. For now, the Cupertino company advises Apple owners to enforce stronger passwords to limit access to authorized users. To ramp up security, FileVault disk encryption has been suggested for added protection.
The video below details Apple’s confirmation of the iOS 10 security flaw.
