Researchers say iOS 10 backups can be cracked 2,500 times faster


iOS 10 comes with more than a redesigned iMessage and widgets. It also ships with a serious design defect that makes it vastly easier to crack password-protected backups.

Moscow-based ElcomSoft discovered the flaw, which is centered around local password-protected iTunes backups. On iOS 10, these now have a weak secondary security mechanism which “skips certain security checks”. This makes it possible to launch a brute-force attack – where different passwords are tested until the correct one is identified – up to 2,500 faster than iOS 9.

This separate security mechanism is distinct to iOS 10; it doesn’t affect earlier versions. It also exists in parallel with the earlier, more secure system.

Technical details are scarce on the ground, but ElcomSoft believes that the flaw is because Apple changed the iOS 10 hashing algorithm from a secure one to a vastly weaker one.

According to ElcomSoft, this flaw means that it’s possible to test 6 million passwords per second on iOS 10, using a computer with an Intel Core i5 CPU.

It’s worth emphasizing that this exploit can’t be used remotely. The attacker needs to have access to your local backup, which contains everything from media files, to HealthKit and HomeKit data, and more.

ElcomSoft are well known for their password- and DRM-defeating software. The Moscow-based firm has been around since 1990, and has defeated security measures from the likes of Adobe and Microsoft, often landing its researchers in legal hot water in the process.

We’ve reached out to Apple and will update this story if there’s a response.

Read next: Twitter adds a button to help you train its algorithm