Moscow-based software developer Elcomsoft discovered that iOS 10 uses an older password protection algorithm. The Russian software firm was working on an iOS 10 update to its password cracking PhoneBreakersoftware, when it discovered that Apple uses a different password verification system for iOS 10 that skips certain security checks. That allows a hacker to try out passwords 2,500 times faster compared to the old system used on iOS 9. This type of brute force attack is much more apt to work on iOS 10.
“The impact of this security weakness is severe. ” wrote Oleg Afonin, researcher at the company, “If you are able to break the password, you’ll be able to decrypt the entire content of the backup including the keychain. At this time, logical acquisition remains the only acquisition option available for iPhone 5s, 6/6Plus, 6s/6sPlus and 7/7Plus running iOS 10 that offers access to device keychain.”
Keychain is Apple’s protected storage that is additionally encrypted on a file level, which “contains information such as saved passwords or authentication tokens to applications requesting secure storage for authentication credentials, Safari logins and passwords, credit card information, Wi-Fi network information, and any data that third-party app developer consider worthy of extra protection.” The blog post continues.
Elcomsoft helped hackers crack the Apple ID accounts of several celebrities in 2014, just a few days ahead of Apple’s iPhone 6 announcement.
In response, Apple said that it is “addressing this issue in an upcoming security update.” Meanwhile, it recommends users “ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”