|
iTunes Backup Passwords 'Much Easier' to ***** in iOS 10, Apple Working on Fix
iOS 10 uses a new password verification mechanism for iTunes backups that makes them easier to *****, according to testing performed by Elcomsoft, a company that specializes in software designed to access iPhone data.
Encrypted iTunes backups created on a Mac or PC are protected by a password that can potentially be brute forced by password *****ing software. The backup method in iOS 10 "skips certain security checks," allowing Elcomsoft to try backup passwords "approximately 2500 times faster" compared to iOS 9 and earlier operating systems. http://cdn.macrumors.com/article-new...10-800x585.jpg Obtaining the password for an iTunes backup provides access to all data on the phone, including that stored in Keychain, which holds all of a user's passwords and other sensitive information. At this time, we have an early implementation featuring CPU-only recovery. The new security check is approximately 2,500 times weaker compared to the old one that was used in iOS 9 backups. At this time, we are getting these speeds:In specific terms, security analyst Per Thorsheim of Peerlyst says Apple has switched from using a PBKDF2 hashing algorithm with 10,000 iterations to using a SHA256 algorithm with a single iteration, allowing for a significant speed increase when brute forcing a password. [IMG]http://cdn.macrumors.com/article-new/2016/09/ios10password*****ingelcomsoft.jpg[/IMG]Image via Peerlyst In a statement given to Forbes, Apple confirmed it is aware of the issue and is working on a fix. "We're aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does **t affect iCloud backups," a spokesperson said. "We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption."As Apple points out, this security oversight is limited to backups created on a Mac or PC and does **t affect the security of iCloud backups. Most users likely do **t need to worry about this issue as it requires access to the Mac or PC that was used to make the backup. Apple has updates for iOS 10 and macOS Sierra in the works, and it's possible a fix will be included in the new versions of the software. iOS 10.1 and macOS Sierra 10.12.1 were seeded to developers and public beta testers earlier this week. Related Roundup: iOS 10 Discuss this article in our forums http://feeds.feedburner.com/~ff/MacR...?d=6W8y8wAjSf4 http://feeds.feedburner.com/~ff/MacR...?d=qj6IDK7rITs http://feeds.feedburner.com/~r/MacRu...~4/UbAytyu0VWo أكثر... |
| الساعة الآن 09:38 PM |
Powered by vBulletin® Copyright ©2000 - 2026, Jelsoft Enterprises Ltd. TranZ By
Almuhajir