iOS 11 Takes A Huge Leap, Trading OS Security For User Convenience

Dec 1

Apple introduced its latest iOS 11 firmware update back in September. Initially, the operating system had a bevy of bugs that needed to be squashed, and the company is now gradually making it more stable. While iOS 11 introduced quite a few changes, both visual and under the hood, some of them were not obvious. Over time, developers have been tinkering with the firmware to find out what changes the iPhone-maker has implemented.

iOS 11 Opens iOS Devices For Hackers To Extract Sensitive Data Using Only Your Passcode

According to the latest findings, Apple has implemented a small security change in iOS 11 which could possibly lead to bigger things. As we have mentioned earlier, the change involves security, and in making it Apple has put the security of the operating system at stake in a bigger way. So let’s dive in to see some more details on the matter.


As indicated by Elcomsoft, a Russian company used by law enforcement to get into iPhones, the only thing that protects your sensitive data is a passcode. In previous iOS iterations, iOS 10 and prior, even if anyone did know your passcode, they still could not get access to your sensitive data, such as your credit card details stored in Keychain. With iOS 11, it is different. Anyone who manages to obtain your passcode can get their hands on the sensitive information on your device.

If someone wanted to access private data from the iPhone, they had to overcome two challenges. They had to have the passcode to unlock the device itself and the strong password used for the encrypted backup of the device. All of the Keychain data is encrypted and hence secured. The password used to create the encrypted data remained the same irrespective of the PC that was used to create the data.

The password would become the property of the i-device and not the PC (or the copy of iTunes) that was used to set the password. You could connect your phone to a different computer and make a local backup with a freshly installed copy of iTunes, and that backup would still be protected with the password you set a long time ago.


Any attempt to change or remove that password must pass through iOS, which would require you to provide the old password first. Forgot the original password? There’s no going back; you’re stuck with what you have unless you are willing to factory reset the device and lose all data in the process.

In many scenarios, hackers and authorities prefer to crack the backup, as it tends to have more data. iOS 11 has changed that. You don’t have the option to change an existing password, but you can reset the password on the device. Having done that, you can make a new backup with a new password of your choosing. This password would then be used to access your sensitive information.

Furthermore, since Apple documents the process, it cannot be regarded as a bug or an exploit that the company might fix in a future update. Instead, it’s more of a deliberate approach. There are two sides here: security and convenience for the end user. It seems the company went with the latter, probably thinking that anyone with a passcode has complete and legitimate access to the device.

Even though it may very well be convenient for users, Apple’s decision also poses a serious threat to users’ sensitive information. At this point, anyone with a passcode has the ability to get their hands on your personal data. We will let you guys know as soon as we hear more details on the story, so be sure to stay tuned in for more.

This is it for now, folks. What are your thoughts on Apple choosing user convenience over security for users? Share your insights in the comments down below.

Source: Elcomsoft
