Click to Skip Ad
Closing in...

Apple says weak iOS 10 iTunes backup encryption will be fixed

Published Sep 26th, 2016 4:10PM EDT
iOS 10 Backup Encryption Issue
Image: Zach Epstein, BGR

iPhone backups are easier to crack if the device is running Apple’s iOS 10. Hackers discovered the issues, saying that Apple weakened backup security with iOS 10. But Apple is already on the case and plans to issue fixes for it.

DON’T MISS: iPhone 7 review

According to Forbes, well-known Russian forensic company, Elcomsoft said that cracking the logins for backups stored on a Mac or PC is considerably easier now. If that name sounds familiar, that’s because it’s believed that Elcomsoft helped hackers crack the Apple ID accounts of several celebrities in 2014, just a few days ahead of Apple’s iPhone 6 announcement.

The company found that Apple was using a weaker password protection mechanism for manual backups via iTunes on Mac and PC. Using CPU acceleration, Elcomsoft could potentially guess backup passwords 40 times faster when compared to cracking iOS 9 with a speedier GPU tool.

Using an Intel i5 CPU, the task was incredibly faster – an “astonishing 2,500 times faster,” as Forbes puts it. The computer would try 6 million passwords per second compared to 2,400. That lowers significantly the amount of time you have to wait for a computer to guess the correct password and access a backup data file.

“We discovered an alternative password verification mechanism added to iOS 10 backups,” Elcomsoft’s Oleg Afonin wrote in a blog post on Friday. “We looked into it and found out that the new mechanism skips certain security checks, allowing us to try passwords approximately 2500 times faster compared to the old mechanism used in iOS 9 and older.”

Apple, meanwhile, issued a statement acknowledging the problem.

“We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC,” a spokesperson said. We are addressing this issue in an upcoming security update. This does not affect iCloud backups. We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”

And yes, you totally should protect the iTunes backups of your iPhone, iPad, and iPod touch with a password. That’s the only way to encrypt the iTunes backup.

Chris Smith
Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he closely follows the events in Marvel’s Cinematic Universe and other blockbuster franchises. Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.