iTunes backup passwords easy to crack, Apple to fix it soon
Apple’s latest iOS upgrade appears to have mistakenly put iPhone’s security at risk, according to a forensics company report.
Elcomsoft, a well-known Russian forensics company claimed that the recent password protection mechanism, named “alternate password verification” added to iOS 10 for manual backup via iTunes is weak, compared to a mechanism found in iOS 9.
“We discovered an alternative password verification mechanism added to iOS 10 backups. We looked into it and found out that the new mechanism skips certain security checks, allowing us to try passwords approximately 2500 times faster compared to the old mechanism used in iOS 9 and older,” Elcomsoft’s Oleg Afonin wrote in a blog post.
Apple is aware of the issue and is reportedly working to solve it. "We're aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC,” Apple said in a statement to Forbes. The company has said to address the issues in an upcoming security update.