Moscow, Russia: The digital forensics and IT security company ElcomSoft Co. Ltd has discovered a flaw in Apple’s iOS 10 operating system that lets anyone with a suitable set of tools break the backup passwords of iOS devices.
The security researchers identified the vulnerability while working on an iOS 10 update for their software, “Elcomsoft Phone Breaker”. The flaw lies in the backup protection mechanism of iOS 10 devices: someone enumerating the passwords used for an iTunes backup can bypass the security checks. Because the latest mechanism skips some security measures, an attacker can try passwords faster than against previous versions of iOS.
This new attack vector is specific to password-protected local backups produced by iOS 10 devices; the attack is available only for iOS 10 backups. Interestingly, the ‘new’ password verification method exists in parallel with the ‘old’ method, which continues to work at the same slow speed as before.
Official Statement by Elcomsoft
Is There A Way To Protect Your iOS Devices?
iOS has proved rock-solid against passcode breaking and hacking, and is one of the strongest operating systems to date. However, with a weakness revealed in the password protection mechanism of iOS 10, users have started to question whether iOS can still be trusted as the most secure OS, and how iOS devices can be protected against the possible threats.
If an attacker succeeds in breaking the password, they can freely decrypt all media in the backup. Given this, we can say that the iPhone 5s, 6s/Plus and 7/Plus running iOS 10 can be exploited.
For now, the only way to stay safe is to hold off on updating your device to iOS 10 until Apple officially fixes the flaw.
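Because the weakness is limited to password-protected local backups produced by iOS 10, a defender can inventory the backups already on a computer and flag the ones in scope. The Python script below is an added example, not part of the original article and not Elcomsoft's or Apple's code. It assumes each backup folder holds a Manifest.plist with a top-level IsEncrypted flag and a Lockdown dictionary containing ProductVersion; the function names and sample folders are made up for illustration.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError


def classify_backup(manifest_path):
    """Return (ios_version, encrypted, affected) for one backup's Manifest.plist."""
    with open(manifest_path, "rb") as fh:
        manifest = plistlib.load(fh)
    if not isinstance(manifest, dict):
        raise plistlib.InvalidFileException()
    # Assumed layout: top-level IsEncrypted, Lockdown dict with ProductVersion.
    lockdown = manifest.get("Lockdown")
    lockdown = lockdown if isinstance(lockdown, dict) else {}
    version = str(lockdown.get("ProductVersion", "unknown"))
    encrypted = bool(manifest.get("IsEncrypted", False))
    # The article scopes the weakness to password-protected backups made by iOS 10.
    affected = encrypted and version.split(".")[0] == "10"
    return version, encrypted, affected


def audit_backups(backup_root):
    """Scan every backup folder under backup_root; return {folder_name: result}."""
    results = {}
    for manifest in sorted(Path(backup_root).glob("*/Manifest.plist")):
        try:
            results[manifest.parent.name] = classify_backup(manifest)
        except (plistlib.InvalidFileException, ExpatError, OSError):
            results[manifest.parent.name] = ("unreadable", False, False)
    return results


def build_sample_root():
    """Constructed sample data: three fake backup folders, no real device data."""
    root = Path(tempfile.mkdtemp(prefix="backup-audit-"))
    samples = {
        "sample-a": {"IsEncrypted": True, "Lockdown": {"ProductVersion": "10.0.1"}},
        "sample-b": {"IsEncrypted": True, "Lockdown": {"ProductVersion": "9.3.5"}},
        "sample-c": {"IsEncrypted": False, "Lockdown": {"ProductVersion": "10.0.2"}},
    }
    for name, manifest in samples.items():
        (root / name).mkdir()
        (root / name / "Manifest.plist").write_bytes(plistlib.dumps(manifest))
    return root


if __name__ == "__main__":
    for folder, (version, encrypted, affected) in audit_backups(build_sample_root()).items():
        print(f"{folder}: iOS {version}, encrypted={encrypted}, review={affected}")
```

To check real data, call audit_backups on the folder where iTunes keeps local backups instead of the constructed sample root.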