iPhone and iPad Tech News

Apple Admits iOS 10 Weakens iPhone Security

Dave Parrack 26-09-2016

Your iPhone is now potentially less secure than it previously was, and it’s all thanks to iOS 10 iOS 10 Is Here! Why You Should Upgrade Right Now Apple's tenth revision of its mobile operating system is here. This is how to upgrade right now for free. Read More .


Once you have updated your iPhone to iOS 10, manual backups How to Back Up Your iPhone and iPad Wondering how to back up your iPhone? Here's our simple guide to backing up your iPhone using either iCloud or iTunes. Read More are much less secure than they were previously. This is because the password-protected backups employ an “alternative password verification mechanism” which can be cracked a lot faster than the previous mechanism.

Elcomsoft, a Russian forensics company whose tools help hackers break into iPhones, discovered this vulnerability when updating its Phone Breaker. And it duly published a blog post revealing Apple’s mistake.

The company claims it could now crack into a backup file “approximately 2500 times faster compared to the old mechanism used in iOS 9 and older”. With iOS 9, Elcomsoft could process 2,400 passwords-per-second. However, with iOS 10 in its current state Elcomsoft could process 6 million passwords-per-second.

A Big Leap Back In Security

Apple is already on the case, telling Forbes it’s “looking into the issue”. The company also issued the following statement suggesting this vulnerability will be fixed sooner rather than later, saying:


“We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups.”

“We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”

In order to take advantage of this vulnerability, a hacker would have to gain access to the Mac or PC where the backup is stored. So, there’s only a minuscule chance of this actually affecting users. Still, it’s a good job the vulnerability was discovered now and not several months down the line.

In the meantime we’ll leave you with the words of Per Thorsheim [Broken URL Removed], a password security expert who knows the score. He told Forbes Apple should win the “stupidity award of the year” for such “a big leap back in security”.

Image Credit: Microsiervos via Flickr

Related topics: Data Backup, Hacking, iOS, Smartphone Security.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *