Experts complain about iOS 11: Data is not safe

ElcomSoft, a Russian company, said that now that many law enforcement agencies and other companies use iPhones, a change in the way Apple protects encrypted iOS backups makes the devices more vulnerable to certain types of attacks. However, the attack only works if the attacker has physical access to the device and is able to crack the passcode.

These changes were intentionally introduced as part of iOS 11.

In a blog post, the company said that anyone who wants to get private data off an iPhone faces two challenges. First, they must have access to the device itself, which usually requires knowing or cracking the passcode. Second, even with the passcode, they can't access all the data on the device unless they can also crack the password used to encrypt the device's backups.

Apple previously used encrypted backups that included the Keychain data, giving whoever opened one easy access to any accounts used by the phone owner, as well as application data, etc. In fact, in many cases, authorities and other attackers will focus on cracking backups rather than the device itself because the backup provides easier access to more data.

Prior to iOS 11, if you made an encrypted backup to iTunes, every subsequent restore would use the password protecting that backup, even if you changed Macs. The password would be tied to any iPhone you set it on, not the PC (or copy of iTunes) you used to set it. You could connect your phone to another computer and back it up locally with a freshly installed copy of iTunes, and the backup would still be protected with the password you set long ago.

Any attempt to change or remove the backup password must go through iOS, which requires providing the old password first. Forgot your original password? There's no going back, and unless you're willing to reset your device and lose all your data in the process, you can't get anything you want without the password.

This means that even if an intruder has your device passcode, they still won’t be able to access the private data stored in your encrypted backups.

However, in iOS 11, Apple changed this behavior. You still can't modify the existing password, but you can reset the password on the device and then make a new encrypted backup with a new password of your choice. You can then use the new password to access private data. Apple documents this process, so it's clearly a deliberate decision and not a bug.

Apple appears to be balancing convenience against security, arguing that anyone with a device's passcode can generally legally access the device.

This new behavior will help those who have forgotten their backup passwords, as well as the family members of people who have passed away after sharing their device passwords with them. Many people believe that this change makes sense. The risk it poses is actually very low: someone must have physical access to your device and know your device's password. The benefit of Apple's new measure is that it gives the many people who often forget their passwords an emergency plan.

And in daily use, we really only use the backup password when upgrading the device. But at the same time, many people agree with ElcomSoft's point of view. The change does make user data less secure, and it is reasonable to draw people's attention to this fact, so that anyone who cares about this issue can take corresponding measures in advance. In this case, we can set a stronger device password that intruders cannot easily crack and keep it safe.
