Technology News

iOS 10 Backups Can Be Cracked 2,500 Times Faster Than iOS 9, Claims Security Researcher

By Ketan Pratap | Updated: 23 September 2016 18:13 IST
iOS 10 Backups Can Be Cracked 2,500 Times Faster Than iOS 9, Claims Security Researcher
Highlights
  • Researcher claims security check in iOS 10 is 2,500 times weak than iOS 9
  • Elcomsoft says brute force attack can be carried on iOS 10 backups
  • New attack specific to password-protected local backups in iOS 10 devices
Advertisement

A security research company based in Moscow claims to have discovered a flaw in Apple's local password protected iTunes backups in iOS 10, a flaw that is said to weaken password security. According to ElcomSoft's Oleg Afonin, the security flaw lets attackers develop a new attack that can bypass certain security checks when tallying passwords protecting local backups in iOS 10 devices.

"The impact of this security weakness is severe. An early CPU-only implementation of this attack (available in Elcomsoft Phone Breaker 6.10) gives a 40-times performance boost compared to a fully optimised GPU-assisted attack on iOS 9 backups," writes Afonin.

Further detailing implementation of the attack, Elcomsoft claims that the new security check in iOS 10 is roughly "2,500 times weaker" compared to the one used in iOS 9 backups.

"Specifically they have changed from pbkdf2(sha1) with 10,000 iterations into using a plain sha256 hash with a single iteration only. This not only allows for a massive speed increase in password cracking, the change is so devastating that an early CPU-only cracking implementation is almost 40 times faster than a fully optimised GPU implementation for the old pbkdf2 version," writes Per Thorsheim, Security Adviser at God Praksis AS.

It's worth mentioning that the flaw discovered cannot be exploited remotely and needs the attacker to have access of the local backups in iOS 10.

Elcomsoft claims that brute force attack, which is a trial and error method used to decode encrypted data such as passwords, can only be carried on iOS 10 backups.

"This new vector of attack is specific to password-protected local backups produced by iOS 10 devices. The attack itself is only available for iOS 10 backups," notes Elcomsoft. The research firm however points that the "new" password verification method exists in parallel system as well with the "old" method though it doesn't affect the earlier versions.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: iOS 10, Apple
Ketan Pratap
Ketan Pratap
Ketan Pratap is the editor at Gadgets 360 - with over 12 years of experience covering the technology domain. With a breadth and depth of knowledge in the field, he's done extensive work across news, features, reviews, and opinion pieces. But what's truly inspiring about Ketan is how he spends his free time. He's often found gazing at snow-capped mountains from over 20,000 feet while sitting on the hood of his car, taking in the breathtaking beauty of nature. His passion for the great ...More
Idea Says Has Provisioned More Interconnection Points for Reliance Jio

Related Stories

iOS 10 Backups Can Be Cracked 2,500 Times Faster Than iOS 9, Claims Security Researcher
Comment
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Top OTT releases this week: Laapataa Ladies, Dil Dosti Dilemma and More
  2. HMD to Bring Self-Branded Smartphone to India; More Details on April 29
  3. Redmi Note 13 Pro+ 5G World Champions Edition Coming to India on This Date
  4. Oppo Find X7 Ultra Review
  5. Samsung Galaxy Z Fold 6 Ultra Might Not Be Available Everywhere: Report
  6. Samsung Galaxy S24 FE Spotted Online With Moniker and Model Numbers
  7. Lenovo Yoga 7i 2-in-1 With Up to Intel Core Ultra 7 CPUs Debuts in India
  8. Snapdragon X Elite Beats Apple's M3 Chip in This Geekbench Test
  9. Realme C65 5G With MediaTek Dimensity 6300 SoC Debuts in India: See Price
#Latest Stories
  1. Samsung Galaxy Z Fold 6 Ultra to Launch Just in South Korea; Galaxy Watch Ultra in Works: Report
  2. WhatsApp Goes: Platform Reportedly Warns It Will Exit India If Asked to Break End-to-End Encryption
  3. Redmi Note 13 Pro+ 5G World Champions Edition Design Teased; to Launch in India on April 30
  4. Samsung Galaxy S24 FE Moniker and Model Numbers Reportedly Spotted Online
  5. Google Meet Introduces ‘Switch Here’ Feature That Lets Users Switch Devices Without Leaving a Call
  6. HMD's Self-Branded Smartphone to Launch in India; Details to Be Revealed on April 29
  7. Google Gemini Reportedly Expands to Android 10 to Support Older Smartphones
  8. Realme C65 5G With MediaTek Dimensity 6300 SoC, Air Gestures Launched in India: Price, Specifications
  9. Samsung One UI 6.1.1 Update Tipped to Bring a Video AI Feature for Galaxy Smartphones
  10. Snapdragon X Elite Surfaces on Geekbench, Beats Apple's M3 Chip in Multi-Core Test
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »