With every iOS release, Apple tries to close vulnerabilities that may expose its devices to hackers. More often than not, however, it accidentally creates new flaws while fixing old ones. Now it has been revealed that the iOS 10 update weakens iPhone security by making it much easier for anyone who gets hold of a local backup to break into it and read the information it contains. According to Forbes, this was revealed by Elcomsoft, a Russian firm that creates tools to break into iOS devices. The company discovered the new vulnerability in iOS 10 while it was adding support for the new operating system to its hacking tool.
According to Elcomsoft, Apple is using a new password verification mechanism in iOS 10 that is weaker than the one in iOS 9 and previous versions. This allows an attacker who doesn't have the password for an iTunes backup to crack it much faster. Elcomsoft says that with the older mechanism used in iOS 9, its tool could try just 2400 passwords per second against Apple's encryption. With the new mechanism it can try 6 million passwords per second, which makes cracking much faster and more feasible.
While it revealed that iTunes backups are now more vulnerable to hackers, the firm also noted that it has gotten more difficult to break into an iOS device itself or into iCloud. iTunes backups that are stored on the user's computer remain vulnerable and a weak link in Apple's security.
The good news is that Apple is already working on a solution and has acknowledged the problem in a statement issued to Forbes.
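To put the two guess rates in perspective, the following added example (not code from Elcomsoft or Apple) computes the worst-case time to exhaust a password keyspace at each rate and the minimum length a backup password needs to hold out for a chosen period. The rates are the ones quoted above; the character-set sizes, the 100-year target and uniformly random passwords are assumptions, and dictionary-style guessing against human-chosen passwords will do better than these figures.

```python
# Guess rates quoted in the article (passwords per second).
RATE_IOS9 = 2_400
RATE_IOS10 = 6_000_000
SPEEDUP = RATE_IOS10 // RATE_IOS9

SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(charset_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


def worst_case_seconds(charset_size, length, rate):
    """Time to try every candidate at `rate` guesses per second."""
    return keyspace(charset_size, length) / rate


def min_length(charset_size, rate, target_years):
    """Smallest length whose full keyspace takes at least `target_years`
    to exhaust at `rate` (assumes uniformly random passwords)."""
    needed = rate * target_years * SECONDS_PER_YEAR
    length = 1
    while keyspace(charset_size, length) < needed:
        length += 1
    return length


def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    # Constructed sample password policies: (label, charset size, length).
    samples = [("6 digits", 10, 6), ("8 lowercase", 26, 8),
               ("8 alphanumeric", 62, 8), ("10 alphanumeric", 62, 10)]
    print(f"speed-up of the iOS 10 check: {SPEEDUP}x")
    for label, charset, length in samples:
        old = human(worst_case_seconds(charset, length, RATE_IOS9))
        new = human(worst_case_seconds(charset, length, RATE_IOS10))
        print(f"{label:16} iOS 9: {old:>22}   iOS 10: {new:>18}")
    for name, rate in (("iOS 9", RATE_IOS9), ("iOS 10", RATE_IOS10)):
        n = min_length(62, rate, 100)
        print(f"{name}: random alphanumeric length for 100 years = {n}")
```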
“We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups,” a spokesperson said. “We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”