And if there’s a company that would know, it’s Elcomsoft.
The security flaw was discovered to affect only iOS 10 users on iPhones.
What this means is that an attacker who can get his hands on a password-protected iTunes backup file created in iOS 10 can brute-force the password using this “new” alternative system and crack the file much faster.
“Logical acquisition (via password-protected iTunes backups) is now the only way to extract and decrypt keychain data out of an iOS 10 device”, Afonin wrote. The discovery was made when a team of researchers was working on an update to the company's own Elcomsoft Phone Breaker application for iOS 10.
The verification mechanism used by iOS 9 and older made it harder to crack logins for local iTunes backups, he wrote.
Apple is already on the case, telling Forbes it’s “looking into the issue”. According to the post, the tool used to crack iOS 10 was Cydia version 1.1.26.
As of now, there is no word on when exactly the new iOS update will be released, but until then, users are advised to change their password to one with a good mix of special characters to strengthen the security level.
According to iDigitalTimes, iOS 10 jailbreak developers are still at the research stage, and jailbreaker Jay Freeman said that it is hard to modify the kernel due to a memory protection scheme that kills the device if it is compromised. These iPhone models are safe because Apple has integrated a special security hardware system called Secure Enclave.
Surely after going toe-to-toe with the feds over encryption and people’s right to privacy, the issue is a result of a big-time security blunder and not intentionally stabbing users in the back to please law enforcement?
This added security mechanism doesn’t affect earlier versions, and more importantly, it cannot be used remotely. The flaw makes cracking secured backups 2,500 times easier.
Apple acknowledged the issue and promised the flaw will be fixed via an upcoming patch. The update was needed because users had reported a few issues with the first iOS 10 update that required fixes.
The firm’s CEO Vladimir Katalov said that Apple would have to update both iOS and iTunes with “significant changes in backup format”. Also, users should make sure that their Macs or PCs are protected with solid passwords!