Apple Acknowledges iOS 10 Backup Flaw, Will Issue Fix Soon

Pangu Home Page

Apple is brewing a fix to patch an iOS password flaw that allows credentials to be stolen from backups. And while that should guarantee further security, a known hacker posted a picture of a supposed successful iOS 10.0.1 jailbreak on Twitter.

In iOS 9, Apple had added several security checks which need to be cleared to gain access to the local backup on the Mac or PC. Hackers could use a brute force attack-a technique that involves automatically trying different password combinations-to crack the passwords users choose for their iOS 10 backups, steal credit card data, and infiltrate Apple's Keychain password manager, a digital vault where user store passwords and other authentication data.

According to The Verge, if Apple would disregard the lapses of "iOS 10", users of the system might be the main target of hackers all over the world.

According to Afonin, the weaker algorithm has handed Elcomsoft's password-recovery product, Phone Breaker, a 40-times performance boost in its CPU-only implementation over a faster GPU cracker.

Apple is tightening the security layer in iOS 10 and with the new iOS 10.0.2 being rolled out, it could be just an update of minor firmware and bugs fixing from the previous version. "This does not affect iCloud backups", an Apple spokesperson said. Apple recommended iOS 10 users to ensure strong passwords on their PCs or Macs. They also reminded everyone that additional security can be applied through FileVault disk encryption program found on Mac computers with OS X 10.3 or later versions. "However, you may be able to produce a local backup even if the phone is locked by using a pairing record extracted from a trusted computer".

Apple recently released iOS 10.0.2 and the version 10.1 is now under beta testing. It also said that the new security check in iOS 10 was roughly "2,500 times weaker" compared to the one used in iOS 9 backups. And while the Cupertino giant boasts about the security of its devices, this loophole leaves the backup data on the operating system vulnerable to password-cracking tools, reports iOS forensics company Elcomsoft.

Fans are now awaiting jailbreaking teams to release an iOS 10 jailbreak tool. Ride hailing app Ola has rolled out its latest update for iOS 10 that will include Siri and Apple Maps integration.

Related:

Comments


Other news