According to a new report by Forbes, Elcomsoft, a Russian firm famous for developing applications that are able to break into iPhone’s security has found out vulnerability in iOS 10 which is accessible if you update their tool. The vulnerability is related to iPhone backups. Breaking into an iPhone’s backup would give the hacker direct access to one’s life which is not very light to handle.
How’s this iOS 10 Vulnerability Accessible?
According to Elcomsoft, this vulnerability is present only in iOS 10 and is present in the “password verification mechanism” present in IOS backup option which was not there in older versions.
Note: We respect company’s privacy and it wouldn’t be safe at the same time to go in depth with the vulnerability, so we would be covering only key points on the matter.
The vulnerability basically makes it easier for the attacker to attack the backups that are not “password managed” and if one’s found then it can be easily cracked by Elcomsoft’s software.
According to Elcomsoft with the new update and easier vulnerability it would be much easier for the tool to crack into iPhone’s security making it 2500 times faster as compared to cracking the older versions which easily states how serious this vulnerability in iPhone is.
With iOS 9 it was possible to run only 2400 passwords per second but with iOS 10 this tool is able to run around 6 million of passwords per second making it damn easy to crack.
The report by Elcomsoft read as, “Forcing an iPhone or iPad to produce an offline backup and analyzing resulting data is one of the very few acquisition options available for devices running iOS 10.”
Seems like Apple knows well about this vulnerability and is working to fix this in IO 10. They stated, “We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups,” a spokesperson said. “We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”
We would recommend our viewers to not to “backup” their iPhones until a secured patch update comes for iOS 10.