Apple has released a new iOS 10 update but it seems to have just weakened the security even further as it allows unauthorized access to backups.
The vulnerability in the new iOS 10 update was discovered by the Russian firm Elcomsoft. Every iOS update, the company also updates their phone breaker tool for the iPhone.
Elcomsoft discovered that the backups saved after the iOS 10 update makes use of a new "password verification mechanism" which reportedly skips crucial security checks that should prevent unauthorized access to the system.
Password protected backups that are generated in iOS 10 can be targeted by hackers to compromise the system if Apple does not fix the vulnerabilities, The Verge has learned. In fact, Elcomsoft claims that the encryption on the iOS 10 update backups allows them to crack the password 2500 times faster than the one used in iOS 9.
Fortunately, the vulnerability is only found in iOS 10 and iOS 9 users are safe for the time being. The backups could contain sensitive data including saved passwords and such that would allow hackers to try and access other accounts as well.
Apple already admitted to their fault and is working on a fix for the next iOS 10 update, Digital Trends reported. The Cupertino-based tech giant said that they will be fixing it in their next security update but did not announce when it will be rolled out.
"We're aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups," a spokesperson for Apple said.
The spokesperson also recommends users that their PC or Macs should be protected with strong passwords to prevent unauthorized access. Users should also refrain from making iOS 10 backups for the time being as Apple works on to fix the problem.
Vulnerabilities are not new to all mobile platforms and users should always be careful with their devices. Apple is already working on a fix for the iOS 10 vulnerability and updates are expected in the following days.