Apple Weakens Security with iOS 10: Brute-Force Attacks on Backups Are 2,500 Times Faster Than iOS 9
Security experts say that Apple’s latest iOS 10 ships with a serious security flaw that makes it easier to crack password protected backups.
ElcomSoft, a well-known Moscow based forensic firm, has discovered a flaw that makes the task of cracking logins for backups considerably easy when compared to earlier iOS versions. Apparently, iOS 10 has a weak secondary security mechanism for local password-protected iTunes backup. This secondary mechanism “skips certain security checks,” making it possible to launch a brute-force attack.
iOS 10 security: cracking backup passwords is 2,500 times faster
Brute-force attacks on iOS 10 are 2,500 times faster than iOS 9. This means that it’s possible to test 6 million passwords per second on iOS 10 using a computer powered by an Intel Core i5. While technical details are scarce, ElcomSoft believes that Apple has changed the iOS 10 hashing algorithm from a secure one to a vastly weaker one, causing this security weakness.
“We discovered an alternative password verification mechanism added to iOS 10 backups. We looked into it and found out that the new mechanism skips certain security checks, allowing us to try passwords approximately 2500 times faster compared to the old mechanism used in iOS 9 and older,” ElcomSoft wrote in a blog post today.
This added security mechanism doesn’t affect earlier versions, and more importantly, it cannot be used remotely. Since the vulnerability is specific to password-protected local backups on iOS 10, an attacker would need to have access to your local backup, which stores all of your data. “Interestingly, the ‘new’ password verification method exists in parallel with the ‘old’ method, which continues to work with the same slow speeds as before,” ElcomSoft noted.
The firm’s CEO Vladimir Katalov said that Apple would have to update both iOS and iTunes with “significant changes in backup format.”
A little about ElcomSoft
ElcomSoft is a well-known forensic firm that has been around since 1990s. The company is famous for their password-cracking software, and has previously exploited security flaws in Adobe and Microsoft. The firm was also in the media attention when it was believed that ElcomSoft’s kit was used by hackers to expose nude celebrity pictures back in 2014.
Much like Cellebrite, ElcomSoft also makes money by exploiting the vulnerabilities in different software and selling kits that can break into devices. After the release of iOS 10, the company started trying to break into the new software and check it for its security measures. This isn’t the first “weaker iOS 10 security” news, however. We have already seen a 19-year old Luca Todesco successfully jailbreaking iPhone 7.
More technical details can be found in ElcomSoft’s blog post. We will update this post if Apple comments about the iOS 10 security issues.