Professional iPhone hackers say that Apple has dropped the ball on password security with its latest iPhone operating system, making the task of cracking the logins for backups stored on a Mac or PC considerably easier.
According to Forbes, the claim comes from Elcomsoft, a well-known Russian forensics company whose kit was thought to have been used by hackers who exposed celebrities’ nude pictures in 2014. Like market leader Cellebrite, it makes its money selling kit that can break into iPhones for the purpose of rooting around a target’s device. As soon as iOS 10 was out, the company started probing its security and found that Apple was using a weaker password protection mechanism for manual backups via iTunes than it had previously.
The right password with its tools
“We discovered an alternative password verification mechanism added to iOS 10 backups. We looked into it and found out that the new mechanism skips certain security checks, allowing us to try passwords approximately 2500 times faster compared to the old mechanism used in iOS 9 and older,” Elcomsoft’s Oleg Afonin wrote in a blog post today.