Apple Promises To Fix A Severe iOS 10 Security Flaw With iPhone Backups

Usually, the Mac or PCs protect the local iTunes backups by saving the passwords as hash keys in an encrypted file.

In iOS 9, Apple added several security checks which need to be cleared to gain access to the local backup on the Mac or PC. But with the iOS 10, Apple has implemented a weaker algorithm for creating hash keys for storing the passwords. That allows hackers or law enforcers to use a sophisticated software for guessing the best match for the password stored in the hash.

Afonin explains that this new password verification method in the iOS 10 appears to be 2,500 times weaker than the one in iOS 9. To prove that, he used an Intel Core i5 processor-based system to conduct a brute-force attack of guessing 6 million passwords per second for the iOS 10 backups. The same tool could guess 2,400 passwords per second for the iOS 9 backups.

One way to deal with Apple's iOS security flaw: jump right ahead to iOS 10 https://t.co/9AbJ80wBVI pic.twitter.com/WeSKA6z7oD

— Forbes Tech News (@ForbesTech) August 28, 2016

— Forbes Tech News (@ForbesTech) August 28, 2016

"Apple is definitely aware they have implemented [the flaw] themselves :)"

Katalov believes that a security update for iOS 10 may not be an easy solution to this security flaw. According to him, a holistic approach is required from Apple to overcome this issue. He told Motherboard in an email, "So I guess that not just iOS update is needed, but also iTunes update as well, and probably some changes to the backup format."

So expect Apple to address iOS 10's security flaw by releasing updates for several software including iOS, iTunes, and its Mac operating systems.

[Featured Image by Sean Gallup/Getty Images]