iOS 10 was not great for Apple’s backup security, experts say

ios 10 two thirds installed version 1476106688 0 2
In love with the new iOS 10? If you’re a hacker, you probably are. That’s because the newest operating system allegedly makes it “considerably easier” to hack iTunes logins for backup passwords stored on a Mac or PC. According to software company (and iPhone expert) Elcomsoft, the backup method used in iOS 10 “skips certain security checks,” which allowed professional hackers to test backup passwords “approximately 2500 times faster” when compared to iOS 9 and previous generations.

In a blog post detailing its findings, Elcomsoft wrote, “We discovered a major security flaw in the iOS 10 backup protection mechanism. This security flaw allowed us developing a new attack that is able to bypass certain security checks when enumerating passwords protecting local (iTunes) backups made by iOS 10 devices.”

If you’re asking how serious of a problem this is, the software company says it’s “severe.” In fact, the company said, widely accessible tools achieved an 80 to 90 percent chance of successfully hacking a backup password — these are tools that can be purchased by just about anyone, not just law enforcement officials.

The problem, security expert Per Thorsheim wrote in a blog on Peerlyst, is that Apple is now using a weaker weaker hashing algorithm when it comes to iPhone data kept on PCs. As Forbes explained, “In iOS 9 and prior versions back to iOS 4, Apple used what’s known as a PBKDF2 algorithm and had the password run through it 10,000 times, so a hacker would have to run their plaintext guess through the algorithm 10,000 times too and repeat the process until a match was found. In the iOS 10 alternative version, a different algorithm known as SHA256 was used but with just one iteration.”

Apple, for its part, has admitted to this shortcoming. “We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups,” a spokesperson said. “We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”

Computing

Why recent hacks show Apple’s security strength, not its weakness

It may sound strange, but the recent stories about vulnerabilities in Apple’s security could be good news for the firm. That’s because they went a long way to highlighting its strengths -- and the strengths it has traditionally had over…
Computing

Use one of these password managers to help protect yourself online

The internet can be a scary place, especially if you don't have a proper password manager. This guide will show you the best password managers you can get right now, including both premium and free options.
Computing

Slack is resetting user passwords in response to a 2015 data breach

In response to recently discovered information regarding a 2015 data breach, collaboration software company Slack will be resetting the passwords of some of its user accounts beginning July 18.
News

A new phishing scam targets Amazon users just in time for Prime Day

Security researchers at McAfee say that hackers have released a do-it-yourself kit that allows people to easily put together phishing scams targeting Amazon users -- just in time for Prime Day.
Mobile

Stalking apps: Google deletes 7 Android trackers from the Play Store

Google has removed from the Play Store seven stalking apps that could track someone's phone without them knowing about it. The sneaky software also offers access to a phone's contact list, as well as its SMS and call history.
Mobile

Uber’s in-car shopping service now sells way more than just snacks

The Cargo Box launched in 2018 to offer Uber drivers an easy way to sell snacks and drinks to riders. The service is now expanding to include lots more items, including tech products and travel accessories.
Photography

The Google Cardboard of scanners, this Kodak takes film from attic to Instagram

The Google Cardboard of film scanners, the Kodak Mobile FIlm Scanner uses a piece of cardboard and the camera that you already have in your pocket to get film in the attic on Instagram without a major investment.
Mobile

Unihertz's rugged phone with a keyboard launches July 30 on Kickstarter

Recently, only BlackBerry's phones have offered a physical keyboard. Not any more. Chinese manufacturer Unihertz is preparing to launch the Unihertz Titan -- a rugged phone with a built-in physical keyboard.
Mobile

Free yourself! How to unlock a phone from the icy hands of your wireless carrier

Do you want to know how to unlock a phone through your carrier or a third-party service like DoctorSIM? Regardless of which way you want to go, we've compiled a list of requirements and methods for doing so.
Music

How much is Spotify Premium, and how can you get it at a discount?

Having access to millions of songs comes at a price -- albeit, a pretty small one. Before you figure out how much Spotify Premium is going to cost, you will want to see if you qualify for a discounted (or even free) subscription.
Mobile

St. Paul, Minnesota, is the latest U.S. city to access Verizon's 5G network

Verizon is in the midst of a massive 5G rollout. Its mobile 5G network is now available in select areas of several cities such as Chicago and Denver. Here's everything you need to know about Verizon's 5G network.
Mobile

Renders suggest the Huawei Mate 30 Pro may have a special cinematic camera lens

The Huawei Mate 30 and Mate 30 Pro may join the Mate X folding phone as the company's star products for late 2019. This is what we know about the Huawei Mate 30 and Mate 30 Pro so far.
News

AT&T accused of selling customers’ location data to bounty hunters and stalkers

AT&T was hit with a lawsuit Tuesday accusing it of selling customers’ real-time location data to third parties like credit agencies and bail guarantors, along with bounty hunters and stalkers, without having customer consent. 
News

Worried about how FaceApp is using your photos? Here’s how to delete your data

Are you concerned about your privacy with FaceApp? If so, you might want to delete your data from the app. The app has come under fire for its terms of service and privacy policies that it can use your face photos in any way it wants to.