iOS forensics company Elcomsoft has revealed that iOS backups via iTunes are much easer to crack with iOS 10 than with previous versions of iOS. The security hole seems to be due to a new password verification method in iOS 10.
Apparently, in iOS 10, the OS “skips certain security checks” that were present on previous versions of iOS, which would allow a hacker to break in much quicker. Interestingly enough, if you have older backups that are working in addition to the new backup, the old backup method is used.
When working on an iOS 10 update for Elcomsoft Phone Breaker, we discovered an alternative password verification mechanism added to iOS 10 backups. We looked into it, and found out that the new mechanism skips certain security checks, allowing us to try passwords approximately 2500 times faster compared to the old mechanism used in iOS 9 and older.
This new vector of attack is specific to password-protected local backups produced by iOS 10 devices. The attack itself is only available for iOS 10 backups. Interestingly, the ‘new’ password verification method exists in parallel with the ‘old’ method, which continues to work with the same slow speeds as before.
In a nutshell, it’s much easier for someone to gain access to an iOS backup via iTunes. Backups made via iTunes, especially encrypted ones, keep your iCloud Keychain passwords, health and activity data, and much more.
Unfortunately, with iOS 10, Elcomsoft’s tool is able to try 6 million password guesses per second and has an 80 to 90 percent chance of guessing the correct password.
In a statement issued to Forbes, Apple says a fix is in the works. It also added that iCloud backups aren’t affected. Until a patch is complete, Apple recommends users use a strong password for their computers.
“We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups,” an Apple spokesperson said. “We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”