Apple’s newly launched iOS 10 is vulnerable to hacking its password-protected backups.
A “severe” security flaw has been uncovered in Apple’s newly-released iOS 10, which according to security researchers, can allow hackers to crack the passwords for backups stored on a Mac or PC 2,500 faster than before.
Elcomsoft, a Russian company that builds tools to help police access people’s devices—uncovered changes to the way Apple protects backup data stored on your computer through iTunes.
“This new vector of attack is specific to password-protected local backups produced by iOS 10 devices. The attack itself is only available for iOS 10 backups. Interestingly, the ‘new’ password verification method exists in parallel with the ‘old’ method, which continues to work with the same slow speeds as before.” the company added.
According to security experts at ElcomSoft, this backup passwords in iOS 10 could be potentially guess 40 times faster using CPU acceleration than in iOS 9 and even 2,500 faster in iOS 10 than iOS 9 when using Intel i5 CPUs for cracking efforts.
According to Elcomsoft CEO Vladimir Katalov, the more secure version of storing passwords has been used by Apple back to iOS 4. At his turn, password security expert Per Thorsheim explained in a blog on Peerlyst that Apple uses now a weaker version of hashing algorithm for local iPhone files backups stored on PCs.