Apple bills iOS 10 as being “More personal. More powerful. More playful.” It’s hard to argue with that train of thought, given the features that Apple has infused into the mobile operating system including a totally revamped iMessage app, rich notifications, third-party app integration with Siri, more useful 3D Touch actions, and other various tweaks and additions.
However, at least one area in iOS 10 has seen a bit of a regression compared to previous versions, and it could leave your iPhone and iPad data less secure than before. We know that some of the world’s best hackers come from Russia, so we’re taking this latest report from Russian firm ElcomSoft very seriously.
Researchers for the company say that Apple has made local iTunes backups for devices more vulnerable to hackers, thanks to what is described as an “alternative password verification mechanism” that has been added with iOS 10.
According to ElcomSoft, this new method offers a shortcut for verification, allowing it to skip some critical security checks. As a result, iOS 10 backup passwords in iTunes can be obtained “approximately 2,500 times faster” than what was possible with iOS 9.
Oleg Afonin writes in a blog posting:
This new vector of attack is specific to password-protected local backups produced by iOS 10 devices. The attack itself is only available for iOS 10 backups. Interestingly, the ‘new’ password verification method exists in parallel with the ‘old’ method, which continues to work with the same slow speeds as before.
ElcomSoft Phonebreaker Software
ElcomSoft considers this a serious security flaw in iOS 10. Now that the attack vector is out in the open, we hope that Apple works quickly to patch it up or at least remove the new verification method and revert back to the more secure system that has served previous versions of iOS.