Local iPhone backups are easier to crack in iOS 10

Though it may not involve iCloud storage, it seems that it is best to wait for the new iOS 10 security updates to back up your iPhone.

Local iPhone backups are easier to crack in iOS 10

It seems that Apple have a problem with the new iOS 10 update that makes security on iPhones weaker. This could lead to a potential breach and unauthorized access to local backups.

This comes from a Russian firm, Elcomsoft, that makes tools to break into iPhones. They discovered this as they are updating their phone breaking tool software. They found out that local backups made to a user’s computer when they update to iOS 10 uses a new verification system that omits some security checks. In short, it’s easier to get inside these local files.

Why would you care?

If you have updated to iOS 10 using your computer, then you should be wary of attacks due to these weaker security mechanisms. Password-protected backups made by iOS 10 are primary targets. If an attacker can get hold of a copy of these backups, Elcomsoft’s new software would allow it to crack the encryption 2500 time faster to the old security mechanism used in iOS 9.

Through this statistics, they can process 2400 passwords per second in iOS 9 while 6 million passwords per second in iOS 10. Pretty huge difference.

The iTunes backups’ weakness may well be a weak link for iPhone security, for iOS 10 users of course. Elcomsoft said that breaking into the physical phone or even iCloud accounts have been more difficult lately, however, an access to a backup stored locally inside a computer allows for some direct access. Forcing an iPhone or an iPad to produce an offline backup and analyze the resulting data are the very few options available for devices running iOS 10.

Apple’s Response

According to a statement provided to Forbes, Apple is aware of the issue and is working to correct it:

“We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups,” a spokesperson said. “We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”

Our suggestion, wait till the next stable update for iOS 10 before backing up your iPhone.