- Researcher claims security check in iOS 10 is 2,500 times weak than iOS 9
- Elcomsoft says brute force attack can be carried on iOS 10 backups
- New attack specific to password-protected local backups in iOS 10 devices
A security research company based in Moscow claims to have discovered a flaw in Apple’s local password protected iTunes backups in iOS 10, a flaw that is said to weaken password security. According to ElcomSoft’s Oleg Afonin, the security flaw lets attackers develop a new attack that can bypass certain security checks when tallying passwords protecting local backups in iOS 10 devices.
“The impact of this security weakness is severe. An early CPU-only implementation of this attack (available in Elcomsoft Phone Breaker 6.10) gives a 40-times performance boost compared to a fully optimised GPU-assisted attack on iOS 9 backups,” writes Afonin.
Further detailing implementation of the attack, Elcomsoft claims that the new security check in iOS 10 is roughly “2,500 times weaker” compared to the one used in iOS 9 backups.
“Specifically they have changed from pbkdf2(sha1) with 10,000 iterations into using a plain sha256 hash with a single iteration only. This not only allows for a massive speed increase in password cracking, the change is so devastating that an early CPU-only cracking implementation is almost 40 times faster than a fully optimised GPU implementation for the old pbkdf2 version,” writes Per Thorsheim, Security Adviser at God Praksis AS.
It’s worth mentioning that the flaw discovered cannot be exploited remotely and needs the attacker to have access of the local backups in iOS 10.
Elcomsoft claims that brute force attack, which is a trial and error method used to decode encrypted data such as passwords, can only be carried on iOS 10 backups.
“This new vector of attack is specific to password-protected local backups produced by iOS 10 devices. The attack itself is only available for iOS 10 backups,” notes Elcomsoft. The research firm however points that the “new” password verification method exists in parallel system as well with the “old” method though it doesn’t affect the earlier versions.