Posted on 09/26/2016 4:03:59 PM PDT by Swordmaker
Forensic researcher claims iOS 10 local backups are easier to crack since the security protection is 2,500 times weaker than in iOS 9, but Apple promised to roll out a patch for the security flaw.
After Apples battle over encryption with the FBI, youd expect Apples newest iOS to continue the trend of providing even better privacy and security than the previous iOS version. Sadly, thats currently not true as iOS 10 has a major security flaw which leaves the data locally backed up to iTunes much more vulnerable to password cracking.
At least that is what Russian forensic software company Elcomsoft claimed on Friday. Apple allegedly weakened the method for protecting local backup files in iOS 10 by skipping some security checks. In other words, the security mechanism for protecting iOS 10 backups, which are saved locally on a computer via iTunes, are more susceptible to password-cracking tools.
The new security check is approximately 2,500 times weaker compared to the old one that was used in iOS 9 backups, Elcomsoft researcher Oleg Afonin announced.
Elcomsoft, which makes forensic software to gain access to password-protected, locked and encrypted information on mobile devices, was tweaking its Phone Breaker software so it would work on iOS 10. Thats when the company discovered the alternative password verification mechanism which Apple added to iOS 10 backups.
(Excerpt) Read more at computerworld.com ...
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
You should have your entire computer FileVaulted with a strong password. . . and that would keep them out completely and ALSO out of iTunes and your iPhone and iPad backups, regardless of how weak the iOS hash might be. FileVault makes it all a moot point.
There are pros and cons to FileVaulting your computer. If you forget your password, you can be completely locked out of getting to your data. Not even Apple can help you retrieve your data. Of course, that is the intent, to completely lock out others from getting your data. If you take this course, then be sure you back up your data and have access to the passwords! A brother-in-law of mine is always having me do his updates on his machine, and gripes when I ask him for his admin passwords. Because he forgets. Then I have to find my notes on what his passwords are!
As you say, if hackers have your computer, so be it, you have more to worry about than your phone backups.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.