There’s a security flaw in the iOS 10 backup protection mechanism, but Apple is working on it. Russian forensic company Elcomsoft says that cracking the logins for backups stored on a Mac or PC is considerably easier now.
“The flaw allowed us developing a new attack that is able to bypass certain security checks when enumerating passwords protecting local (iTunes) backups made by iOS 10 devices,” according to Elcomsoft.
The company found that Apple was using a weaker password protection mechanism for manual backups via iTunes on Mac and PC. Using CPU acceleration, Elcomsoft could potentially guess backup passwords 40 times faster when compared to cracking iOS 9 with a speedier GPU tool.
Meanwhile, Apple has issued a statement acknowledging the problem: “We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC,” a spokesperson said. We are addressing this issue in an upcoming security update. This does not affect iCloud backups. We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”