Apple iOS 10 Flaw Makes It Easier To Hack iPhone Backups
Researchers uncover “major security flaw” in Apple’s iOS 10 backup protection for iTunes as iOS 10.0.2 fixes unrelated headphone issue
Apple’s backup protection in its latest iOS update has been called into question by a well-known Russian forensics company.
The company, Elcomsoft, revealed in a blog posting that it had uncovered “a major security flaw in the iOS10 backup protection mechanism.”
Backup Flaw
“This security flaw allowed us developing a new attack that is able to bypass certain security checks when enumerating passwords protecting local (iTunes) backups made by iOS 10 devices,” it wrote.
“The impact of this security weakness is severe. An early CPU-only implementation of this attack gives a 40-times performance boost compared to a fully optimized GPU-assisted attack on iOS 9 backups.”
Elcomsoft is known to sell its phone breaking software to all parties, not just law enforcement officials. Indeed, some beleive its software was involved with the infamous “Celebgate” hack in 2014, which saw nude photos of the likes of Jennifer Lawrence exposed.
Elcomsoft said that when it was developing an update to its Phone Breaker software, it noticed an alternative password verification mechanism had been added to iOS 10 backups.
Unfortunately, it seems that Apple had decided to forgo certain security checks, which if an attacker managed to get one of those backup files without the associated password, it allowed the researchers to try passwords approximately 2,500 times faster compared to the old mechanism used in iOS 9 and older.
“This new vector of attack is specific to password-protected local backups produced by iOS 10 devices,” the researchers said. “The attack itself is only available for iOS 10 backups.”
The firm said that even without GPU acceleration the new method works 40 times faster compared to the old method with GPU acceleration.
The researcher admitted that Apple iPhones are secure and each iOS release makes it tougher to crack, so that leaves the iTunes backup as the one remaining point of vulnerability.
Apple confirmed it was looking into the issue and said it only affected backups on iTunes.
“We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC,” it said in a statement to Forbes.
“We are addressing this issue in an upcoming security update. This does not affect iCloud backups,” a spokesperson said. “We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorised users. Additional security is also available with FileVault whole disk encryption.”
Apple Security
Meanwhile Apple’s solid security reputation continues to be eroded. Only last week Cambridge computer scientist Dr Sergei Skorobogatov revealed that iPhone passcodes could be bypassed by modifying the smartphone with a £75 cloned memory chip which can brute force the password lock.
Other methods have been used to hack iPhones in various ways in the past, including cloning fingerprints to trick the Touch ID scanner with Play-Doh.
And earlier this year, iPhone malware has discovered after human right activist Ahmed Mansoor in the United Arab Emirates (UAE), was targeted by sophisticated spyware for the iPhone.
That exploit code, dubbed Trident, could have turned the iPhone of a human rights activist into a spyware device with just one click.
Apple meanwhile has already released 10.0.2. to address a headphone flaw. The update includes fixes for when Lightning headphones momentarily lose playback controls.