Skip to main content
  1. Home
  2. Mobile
  3. News

iOS 10 was not great for Apple’s backup security, experts say

By

ios 10 two thirds installed version 1476106688 0 2
Image used with permission by copyright holder
In love with the new iOS 10? If you’re a hacker, you probably are. That’s because the newest operating system allegedly makes it “considerably easier” to hack iTunes logins for backup passwords stored on a Mac or PC. According to software company (and iPhone expert) Elcomsoft, the backup method used in iOS 10 “skips certain security checks,” which allowed professional hackers to test backup passwords “approximately 2500 times faster” when compared to iOS 9 and previous generations.

In a blog post detailing its findings, Elcomsoft wrote, “We discovered a major security flaw in the iOS 10 backup protection mechanism. This security flaw allowed us developing a new attack that is able to bypass certain security checks when enumerating passwords protecting local (iTunes) backups made by iOS 10 devices.”

Recommended Videos

If you’re asking how serious of a problem this is, the software company says it’s “severe.” In fact, the company said, widely accessible tools achieved an 80 to 90 percent chance of successfully hacking a backup password — these are tools that can be purchased by just about anyone, not just law enforcement officials.

The problem, security expert Per Thorsheim wrote in a blog on Peerlyst, is that Apple is now using a weaker weaker hashing algorithm when it comes to iPhone data kept on PCs. As Forbes explained, “In iOS 9 and prior versions back to iOS 4, Apple used what’s known as a PBKDF2 algorithm and had the password run through it 10,000 times, so a hacker would have to run their plaintext guess through the algorithm 10,000 times too and repeat the process until a match was found. In the iOS 10 alternative version, a different algorithm known as SHA256 was used but with just one iteration.”

Apple, for its part, has admitted to this shortcoming. “We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups,” a spokesperson said. “We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”

Editors' Recommendations

Topics
Lulu Chang
Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
iOS 17.5 just launched with a huge security feature for your iPhone
Apple iPhone 15 Plus and Apple iPhone 15 Pro Max seen from the back.

Apple iPhone 15 Plus (left) and Apple iPhone 15 Pro Max Andy Boxall / Digital Trends

Apple has just released the iOS 17.5 update for iPhones, which brings a host of new features. For European Union residents, it enables Web Distribution, which means you can sideload apps from the internet and won’t be limited to the App Store.

Read more
Apple’s new iPads look amazing, but there’s one big problem
Renders of the 11-inch and 13-inch models of the iPad Pro 2024.

After a year-long drought, Apple finally released some new iPads during its Let Loose event on May 7. Though it was just the iPad Air and iPad Pro models that were updated, we did get a 13-inch option for the iPad Air along with the standard 11-inch size, as well as iPad Pros with new OLED displays.

The iPad Airs now come equipped with an M2 chip inside, while the iPad Pros mark the debut of the new M4 chip. Exciting stuff, right? Unfortunately, as enticing as the hardware is, there is still one thing holding the iPad back -- and it's all Apple's fault.
Exciting new hardware, boring old software
iPad Air 2024 Apple

Read more
A big iPhone update is right around the corner
An iPhone 15 Pro Max sitting upright, showing one of its home screens.

With announcements for 2024 models of the iPad Air and iPad Pro, today's been a busy day of Apple news. But the iPad isn't the only Apple product in the news today. Following the big announcements from its event earlier this morning, Apple also shared some important news regarding the next iPhone update.

As of Tuesday, May 7, Apple has begun rolling out RC builds for iOS 17.5. RC stands for "Release Candidate," and it's the last beta version of a software update that Apple releases before its final public rollout. In other news, the official iOS 17.5 update should be right around the corner.

Read more