Apple iOS 10 security flaw makes it easier for hackers to access your data

iPhone on Macbook

Photo via Andrew Couts/Daily Dot (Licensed)

You didn't read about this in Apple's recent press release.
Apple's new iOS 10 has one tweak that isn't in the press release: a “severe” security flaw.

Developers at Elcomsoft—a Russian company that builds tools to help police access people's devices—uncovered changes to the way Apple protects backup data stored on your computer through iTunes.

The “alternative password verification mechanism” in iOS 10, as Elcomsoft Oleg Afonin describes it in a company blog post, lets someone trying to access a person's iOS backup data test potential “passwords approximately 2,500 times faster compared to the old mechanism used in iOS 9 and older.”

This process of using a computer to try to “guess” the password of a device or account is known as a brute-force attack, or just brute-forcing. With the change in iOS 10, brute-forcing backups is far easier than it was with earlier versions of the mobile operating system. 

In other words, Afonin explains, iOS 9 let hackers test as few as 2,400 passwords per second and upwards of 150,000 passwords per second, depending on the type of chip running the computer on which the backup was stored. That number jumps to 6,000,000 passwords for backups produced by iOS 10.

Elcomsoft CEO Vladimir Katalov tells Motherboard that Apple is aware of the issue and appears eager to fix it. However, it may require fixing both iOS 10 and iTunes, along with other potential conversations. 

News of a weakness in iOS 10 comes amid an ongoing debate over encryption, which rocketed into the national consciousness last year after the FBI demanded Apple help it crack into the iPhone of one of the deceased San Bernardino shooters.

H/T Motherboard

Contact the author: Andrew Couts, acouts@dailydot.com

Promoted Stories Powered by Sharethrough
encryption
U.S. 'quietly' asking Silicon Valley for help accessing encrypted communications
The White House and Pentagon are not looking for backdoors into encryption technology, according to one of the Obama administration’s top spies, but they are having “quiet” conversations with U.S. technology companies to address the issue of criminals and terrorists evading surveillance.
From Our VICE Partners
Group

Pure, uncut internet. Straight to your inbox.

Thanks for subscribing to our newsletter!