New system vulnerability makes iOS 10 easier to break into, Apple says it has started fixing it


According to recent foreign media reports, the iTunes backup password verification mechanism used in iOS 10 makes the system particularly vulnerable to attack. Apple now says it has begun work on a fix.

According to the latest investigation and testing results of Elcomsoft, a company specializing in designing software to gain access to iPhone data, the new iTunes backup password authentication mechanism used in iOS 10 makes the system easier to crack.

It is understood that encrypted iTunes backups on MacBooks or PCs can be protected by passwords, but earlier investigations showed that some password-cracking software can still brute-force them. The current iTunes backup mechanism in iOS skips some specific security checks, which makes Elcomsoft's cracking work easier: passwords can be tried about 2,500 times faster than on iOS 9 and earlier system versions.

If an attacker obtains the iTunes backup password, it means that they can freely access all data on the phone, including all passwords and other sensitive information stored in the keychain.

Elcomsoft's measurements put the attack speed against iOS 10 at about 2,500 times that against iOS 9. Here are Elcomsoft's specific test results:

iOS 9 (CPU): 2,400 password attempts per second (Intel i5)

iOS 9 (GPU): 150,000 password attempts per second (NVIDIA GTX 1080)

iOS 10 (CPU): 6,000,000 password attempts per second (Intel i5)

Commenting on the above data, Per Thorsheim, a security analyst from Peerlyst, said that Apple changed the original PBKDF hash algorithm to the SHA256 algorithm in the latest system. The former has 10,000 iterations, while the latter has only one. This leads to a significant increase in the speed at which attackers can brute-force attack the mobile phone system.
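The effect of the iteration count on per-guess cost can be measured on any machine. The following is an added example, not code from Elcomsoft, Apple or the original article: PBKDF2-HMAC-SHA256, the salted SHA-256 layout, the function names and the 8-character sample policy are assumptions, and only the guess rates come from the article.

```python
import hashlib
import os
import time

# Guess rates reported in the article (password attempts per second).
RATES = {
    "iOS 9 (CPU, Intel i5)": 2_400,
    "iOS 9 (GPU, NVIDIA GTX 1080)": 150_000,
    "iOS 10 (CPU, Intel i5)": 6_000_000,
}


def iterated_check(password: bytes, salt: bytes, iterations: int = 10_000) -> bytes:
    """Iterated KDF: every guess costs `iterations` rounds of the PRF.
    PBKDF2-HMAC-SHA256 is an assumed stand-in for the older scheme."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def single_hash_check(password: bytes, salt: bytes) -> bytes:
    """One salted SHA-256 pass: every guess costs one hash (assumed layout)."""
    return hashlib.sha256(salt + password).digest()


def seconds_per_guess(fn, rounds: int) -> float:
    """Average wall-clock cost of one verification on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        fn(b"guess-%d" % i, salt)
    return (time.perf_counter() - start) / rounds


def measured_slowdown() -> float:
    """How many times more expensive one iterated check is than one hash."""
    slow = seconds_per_guess(iterated_check, 20)
    fast = seconds_per_guess(single_hash_check, 20_000)
    return slow / fast


def days_to_exhaust(alphabet_size: int, length: int, rate: int) -> float:
    """Worst-case days to try every password of exactly `length` characters."""
    return alphabet_size ** length / rate / 86_400


if __name__ == "__main__":
    print(f"per-guess slowdown from 10,000 iterations: {measured_slowdown():,.0f}x")
    for name, rate in RATES.items():
        # Constructed sample policy: 8 characters drawn from a-z and 0-9.
        print(f"{name}: {days_to_exhaust(36, 8, rate):,.1f} days worst case")
```

The locally measured slowdown depends on the hardware and the hash library build, so it will not match the article's 2,500 figure exactly; the point is that the work per guess scales with the iteration count.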

Apple recently issued a statement to Forbes saying that it is aware of the problem and has begun working on a fix. "We know that the latest iTunes backup password authentication mechanism used in iOS 10 is vulnerable to brute force cracking. We are currently working to fix this problem. But this will not affect the security of iCloud backups." An Apple spokesperson said, "We recommend that users set up settings that can only be accessed by authorized users to ensure the password protection of Macs and PCs. For additional security, you can use FileVault full disk encryption."

Apple has updated iOS 10 and Mac OS Sierra, so the issue will likely be fixed in a patch to the new versions of the software. It is understood that iOS 10.1 and Mac Sierra 10.12.1 were beta tested earlier this week.
