Apple confirmed the issue to Forbes, with a spokesperson saying, “We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups.”
Professional iPhone hackers say that the iOS 10 update has made it easier for them to get inside Apple's smartphones. The latest Apple operating system has made it possible for them to go inside manual backups that are stored inside a PC or a Mac desktop computer.
According to Forbes, the iOS 10 security flaw news comes from the Russian forensic company Elcomsoft. The security risk that comes with the iOS 10 update apparently allowed the company to go through the PC and Mac backup files made by iOS 10 devices via iTunes.
In iOS 9, Apple added several security checks which need to be cleared to gain access to the local backup on the Mac or PC. But with the iOS 10, Apple has implemented a weaker algorithm for creating hash keys for storing the passwords. That allows hackers or law enforcers to use a sophisticated software for guessing the best match for the password stored in the hash.
This means that they are able to discover a new password verification method in iOS 10 backups and found lighter security checks that were brought about by the new OS udpate. The security risk that comes with the iOS 10 update apparently allowed the company to go through the PC and Mac backup files made by iOS 10 devices via iTunes. This means that they are able to discover a new password verification method in iOS 10 backups and found lighter security checks that were brought about by the new OS udpate. Afonin explains that this new password verification method in the iOS 10 appears to be 2,500 times weaker than the one in iOS 9. To prove that, he used an Intel Core i5 processor-based system to conduct a brute-force attack of guessing 6 million passwords per second for the iOS 10 backups. The same tool could guess 2,400 passwords per second for the iOS 9 backups. The security flaw was only discovered to be in iOS 10 users on iPhones. The Russian company noted that it is difficult for them to bypass the physical phones of the users or look into their iCloud.
Apple admitted that they are aware of the security issue of the iOS 10 update and they are working on it. The company explains that they will be rolling out a new security update to prevent hackers from getting into backups via iTunes on the Mac or PC. However, the iOS 10 security vulnerability does not include iCloud backups. Apple has now recommended for iPhone users with iOS 10 updates to protect their PC or Mac desktop systems with strong passwords. For added security, it is recommended to encrypt their files with FileVault which is a disk encryption tool available in OS X 10.3 and higher.
0 comments:
Post a Comment