
iOS 10 was not great for Apple’s backup security, experts say


In love with the new iOS 10? If you’re a hacker, you probably are. That’s because the newest operating system allegedly makes it “considerably easier” to crack the passwords that protect iTunes backups stored on a Mac or PC. According to software company (and iPhone expert) Elcomsoft, the backup method used in iOS 10 “skips certain security checks,” which allows professional hackers to test backup passwords “approximately 2500 times faster” than with iOS 9 and previous generations.

In a blog post detailing its findings, Elcomsoft wrote, “We discovered a major security flaw in the iOS 10 backup protection mechanism. This security flaw allowed us developing a new attack that is able to bypass certain security checks when enumerating passwords protecting local (iTunes) backups made by iOS 10 devices.”


If you’re asking how serious of a problem this is, the software company says it’s “severe.” In fact, the company said, widely accessible tools achieved an 80 to 90 percent chance of successfully hacking a backup password — these are tools that can be purchased by just about anyone, not just law enforcement officials.

The problem, security expert Per Thorsheim wrote in a blog on Peerlyst, is that Apple is now using a weaker hashing algorithm when it comes to iPhone data kept on PCs. As Forbes explained, “In iOS 9 and prior versions back to iOS 4, Apple used what’s known as a PBKDF2 algorithm and had the password run through it 10,000 times, so a hacker would have to run their plaintext guess through the algorithm 10,000 times too and repeat the process until a match was found. In the iOS 10 alternative version, a different algorithm known as SHA256 was used but with just one iteration.”
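
To make the difference in work factor concrete, the following added example (not code from Elcomsoft, Forbes or Apple) times one password check under 10,000 PBKDF2 iterations against a single SHA-256 pass and converts each cost into the time needed to exhaust a sample keyspace. The HMAC-SHA256 PRF, the salt layout, the function names and the sample keyspace are assumptions; this is not Apple's actual backup format.

```python
import hashlib
import hmac
import os
import time

LEGACY_ITERATIONS = 10_000  # iteration count the article quotes for iOS 4 to 9


def derive_stretched(password, salt, iterations=LEGACY_ITERATIONS):
    # Assumption: HMAC-SHA256 as the PRF; the article only says "PBKDF2".
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def derive_single_pass(password, salt):
    # One SHA-256 invocation. The salt||password layout is an assumption.
    return hashlib.sha256(salt + password.encode()).digest()


def check(password, salt, stored, derive):
    # Constant-time comparison of the derived value with the stored one.
    return hmac.compare_digest(derive(password, salt), stored)


def seconds_per_check(derive, salt, rounds):
    # Average wall-clock cost of one password check with this derivation.
    start = time.perf_counter()
    for i in range(rounds):
        derive(f"candidate-{i}", salt)
    return (time.perf_counter() - start) / rounds


def years_to_exhaust(keyspace, sec_per_check):
    # Worst-case time for one core to try every password in the keyspace.
    return keyspace * sec_per_check / (365 * 24 * 3600)


def measure():
    salt = os.urandom(16)  # constructed sample salt
    slow = seconds_per_check(derive_stretched, salt, 20)
    fast = seconds_per_check(derive_single_pass, salt, 20_000)
    return slow, fast


if __name__ == "__main__":
    slow, fast = measure()
    keyspace = 36 ** 8  # constructed policy: 8 chars, lowercase plus digits
    print(f"stretched:   {slow:.2e} s/check, {years_to_exhaust(keyspace, slow):.1f} core-years")
    print(f"single pass: {fast:.2e} s/check, {years_to_exhaust(keyspace, fast):.4f} core-years")
    print(f"cost ratio on this machine: {slow / fast:,.0f}x")
```

The ratio printed depends on the machine and on Python overhead, so it illustrates the effect of the iteration count rather than reproducing Elcomsoft's figure.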

Apple, for its part, has admitted to this shortcoming. “We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups,” a spokesperson said. “We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”

Lulu Chang