Skip to main content
  1. Home
  2. Mobile
  3. News

iOS 10 was not great for Apple’s backup security, experts say

Lulu Chang
By

ios 10 two thirds installed version 1476106688 0 2
Image used with permission by copyright holder
In love with the new iOS 10? If you’re a hacker, you probably are. That’s because the newest operating system allegedly makes it “considerably easier” to hack iTunes logins for backup passwords stored on a Mac or PC. According to software company (and iPhone expert) Elcomsoft, the backup method used in iOS 10 “skips certain security checks,” which allowed professional hackers to test backup passwords “approximately 2500 times faster” when compared to iOS 9 and previous generations.

In a blog post detailing its findings, Elcomsoft wrote, “We discovered a major security flaw in the iOS 10 backup protection mechanism. This security flaw allowed us developing a new attack that is able to bypass certain security checks when enumerating passwords protecting local (iTunes) backups made by iOS 10 devices.”

Recommended Videos

If you’re asking how serious of a problem this is, the software company says it’s “severe.” In fact, the company said, widely accessible tools achieved an 80 to 90 percent chance of successfully hacking a backup password — these are tools that can be purchased by just about anyone, not just law enforcement officials.

Related

The problem, security expert Per Thorsheim wrote in a blog on Peerlyst, is that Apple is now using a weaker weaker hashing algorithm when it comes to iPhone data kept on PCs. As Forbes explained, “In iOS 9 and prior versions back to iOS 4, Apple used what’s known as a PBKDF2 algorithm and had the password run through it 10,000 times, so a hacker would have to run their plaintext guess through the algorithm 10,000 times too and repeat the process until a match was found. In the iOS 10 alternative version, a different algorithm known as SHA256 was used but with just one iteration.”

Apple, for its part, has admitted to this shortcoming. “We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups,” a spokesperson said. “We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”

Editors' Recommendations

Topics
Lulu Chang
Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
This could be our first look at iOS 18’s huge redesign
An iPhone 14 Pro Max and iPhone 14 Pro standing upright on a desk.

While iOS 17 fell short on a visual overhaul, Apple is rumored to be working on an updated identity for its next iOS version. Previous reports have claimed that the upcoming iOS 18 will feature visionOS-like elements introduced on the Apple Vision Pro. A new report confirms this with a leaked image of the iOS 18 Camera app.

According to a report from MacRumors, the next version of the Camera app could feature visionOS-style design elements. It is based on an iPhone frame template that the publication received from an anonymous source who claimed to have received it from an iOS engineer. It is said to have been included as part of the Apple Design Resources for iOS 18.

Read more
Everything Apple says is wrong about the DOJ’s iPhone lawsuit
The Apple logo on the iPhone 14 Pro Max.

The antitrust season is in full swing in 2024. This time around, Apple is in the cross-hairs of regulators, bringing back memories of the historic Microsoft antitrust case that unfolded over two decades ago. Back then, the focus was on Windows and web browsers. In Apple’s case, the iPhone is the centerpiece, with a wide ecosystem woven around it.

Experts say the case against Apple, which dives deep into monopolistic conduct, is surprisingly strong. The Department of Justice, in its lawsuit, has targeted everything from the iMessage “green bubble” mess and Apple Watch incompatibility situation to the locked app ecosystem and objectionable practices that Apple has put in place to maintain its alleged monopoly.

Read more
10 reasons you should buy an iPhone in 2024
Purple iPhone 14 (left) and a green iPhone 15 in hand.

The iPhone 15 lineup — which includes the standard iPhone 15 and the iPhone 15 Pro — is the iPhone at its best. It's the latest series of iPhones available today and the default choice if you're buying a new iPhone in 2024.

But it’s not the only choice of iPhones you can purchase. In fact, Apple still sells the iPhone 14, iPhone 13, and the iPhone SE on its website. You could also find other iPhone models available – refurbished or new — from other retailers or carrier stores.

Read more