Apple Confirms Serious iOS 10 Backup Security Flaw, Promises Fix

The latest version of iOS brings a lot of interesting (and perhaps fun) things to the table, but as it turns out, It had one sloppy regression that was quickly pointed out. Apple shipped iOS 10 with a severe security vulnerability that affects iTunes backups.

As we reported on Friday, Russian security research firm Elcomsoft revealed that gaining access to an iOS 10 backup password via iTunes, is "2,500 times faster" than before. While that speed boost is likely only going to be useful to those who have physical access to a device, it's an alarming statistic nonetheless.

ios10 625px

And if there's a company that would know, it's Elcomsoft. The company sells a wide variety of software that lets regular users break into iOS and secure documents. It's all meant for personal use, but with much of this processing able to be shifted to ultra-powerful graphics cards, it means you don't need to be rich or super-smart to gain access to certain data within iOS.

But here's the interesting thing: Elcomsoft says that because the security has been made so weak in iOS 10, its CPU-based brute-forcer is faster than the GPU-accelerated one that could be used in iOS 9.

Being such a severe issue, it's good to know that Apple wasted no time confirming its mistake. "We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC.", it writes. It goes on to say that it will be tackling the flaw in an upcoming update, and that the flaw does not affect iCloud backups (which is very, very good thing).


Via:  Forbes
Show comments blog comments powered by Disqus