Home > Geek

Hacking firm discovers new iOS 10 security flaw embedded in iPhone backups

By Yen Palec | Sep 27, 2016 10:29 AM EDT
Apple is developing a new version of iPhone for Japan.
(Photo : GettyImages/Carl Court) The phone is expected to incorporate FeliCa chip.

While most iOS upgrades always sport a handful of security patches, latest reports claim that Apple may have inadvertently weakened its own operating system with the latest iOS 10 update. Among the flaws pointed by experts could potentially allow hackers to access localized backups.

The vulnerability was first discovered by Russian security firm Elcomsoft which creates tools that can break into an iPhone. Elcomsoft claims that the vulnerability was discovered while the firm was working on an update for its phone breaking tool. The firm said that backups saved after a successful iOS 10 upgrade employs a new "password verification mechanism" that skips several security protocols.

Through this vulnerability, malicious users can essentially target password-protected backups automatically created by iOS 10. Should an attacker manage to get ahold of even one of those backup files without the associated password, Elcomsoft claims that its penetration tool can crack the encryption "approximately 2500 times faster compared to the old mechanism used in iOS 9 and older." Elcomsoft added that it could process up to 2,400 passwords per second on the iOS 9 operating system, while it can process up to six million passwords per second with iOS 10, according to The Verge.

In a statement sent to Forbes, Apple said that it is already aware of the issue and that the company is working to patch it up before more problems arise. Apple said that the vulnerability should be patched in an upcoming security update.

Despite the massive potential vulnerability, Elcomsoft said that it has one obvious limitation. The flaw is specific only to password-protected local backups on the iOS 10 operating system. This means that hackers should need to get access to the computer where the iPhone files are being stored. While some users opt to turn on local backups, iOS 10, by default, uses iCloud. Elcomsoft itself claims that Apple has made significant improvements with regards to security protocols for its iCloud storage option.

© Copyright 2016 AsiaStarz.com. All Rights Reserved.


Real Time Analytics