Security experts claim that Apple has lowered its security measures in iOS 10, making password cracking easier for criminals targeting victim devices.
Apple Lowered the Security Measures with iOS 10
Security experts from Elcomsoft claim that Apple has lowered its security standards in iOS 10, the latest version of its mobile operating system. Elcomsoft is a well-known Russian cyber forensics company that is infamous for the criminal use of its kit, which criminals used in the 2014 Hollywood nude photographs leak.
Vendors such as Elcomsoft profit from selling kits that can compromise iPhones and other consumer devices. The security specialists started probing the security measures of iOS 10 as soon as it was introduced to the masses. They concluded that Apple used a weaker password protection mechanism for manual backups created via iTunes.
Elcomsoft states that it could potentially crack iOS 10 backup passwords 40 times faster using CPU acceleration than it could with GPU cracking in iOS 9. Comparing the two versions on the same Intel Core i5 processors, the experts discovered that iOS 10 cracking is 2500 times faster, resulting in 6 million password guesses per second. According to preliminary information, this gives the experts an 80-90% chance of successfully brute-forcing the password for the newest iteration of Apple’s mobile operating system.
The Russian company also discovered an alternative password verification mechanism that was added to iOS 10 backups. It skips certain security checks and allows the researchers to brute-force passwords about 2500 times faster.
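To put the reported rates in terms a defender can act on, the following added example (not code from the article or from Elcomsoft) computes how long a backup password must be to outlast exhaustive guessing at the iOS 9 and iOS 10 rates. The alphabets, the 10-year target and the assumption of uniformly random passwords are illustrative choices, not figures from the article.

```python
import math

# Rates from the article: 6 million guesses/s against iOS 10 backups on a
# Core i5, stated to be 2500 times faster than iOS 9 on the same CPU.
SPEEDUP = 2500
IOS10_RATE = 6_000_000
IOS9_RATE = IOS10_RATE // SPEEDUP  # derived: 2400 guesses/s

SECONDS_PER_YEAR = 365 * 24 * 3600

# Assumed password alphabets (illustrative, not from the article).
POLICIES = [("digits", 10), ("lowercase", 26),
            ("alphanumeric", 62), ("printable ASCII", 95)]


def exhaust_seconds(alphabet_size, length, rate):
    """Worst-case time to try every password of exactly `length` symbols."""
    return alphabet_size ** length / rate


def min_length(alphabet_size, rate, years):
    """Shortest length whose full keyspace outlasts `years` at `rate`."""
    needed = rate * years * SECONDS_PER_YEAR
    length = 1
    while alphabet_size ** length < needed:
        length += 1
    return length


def extra_symbols(alphabet_size, speedup=SPEEDUP):
    """Random symbols needed to cancel a `speedup`-fold faster attacker."""
    return math.log(speedup) / math.log(alphabet_size)


def report(years=10):
    """Rows of (policy, min length on iOS 9, min length on iOS 10)."""
    return [(name,
             min_length(size, IOS9_RATE, years),
             min_length(size, IOS10_RATE, years))
            for name, size in POLICIES]


if __name__ == "__main__":
    for name, old, new in report():
        print(f"{name:16} iOS 9: {old:2}  iOS 10: {new:2}")
    # A 6-digit numeric password: about 417 s at the iOS 9 rate,
    # under 0.2 s at the iOS 10 rate.
    print(exhaust_seconds(10, 6, IOS9_RATE), exhaust_seconds(10, 6, IOS10_RATE))
```

The speed-up costs a randomly generated password between two and four extra characters depending on the alphabet; human-chosen passwords fall far short of these figures because they are not uniformly random.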
The problem is found only in local backups of iOS 10. This means that criminals hoping to exploit the vulnerability need to gain access to the computer where the backups are stored. The researchers propose that a possible scenario would be manipulating the user into producing an offline backup of their iOS device and then retrieving the data through social engineering.
Apple has acknowledged the issue, and they are going to address the problem in an upcoming security update. The company added that iCloud backups are not affected.