An iOS 10 flaw exposes your backed up iPhone data to hackers

Vulnerability makes it simple for hackers to crack users' backup passwords

Apple's iPhones and iPads running the iOS 10 operating system are exposed to a security flaw that allows credentials to be stolen from backups, according to a security firm.

Russian iPhone hacking firm Elcomsoft claimed to have uncovered the iOS 10 vulnerability after the OS was released on 13 September, stating that it weakened backup security protection, making it simple for hackers to crack passwords used for backups of iOS devices stored on Macs and PCs.

Elcomsoft researcher Oleg Afonin, who helped find the flaw, said in a blog post that while iPhones and iPads are very secure, and any acquisition method gets increasingly difficult with every generation of the iOS operating system, there's still a way for hackers to get into users' backup data.

"Forcing an iPhone or iPad to produce an offline backup and analysing resulting data is one of the very few acquisition options available for devices running iOS 10," Afonin explained. "Local backups are easy to produce if the iPhone is unlocked. However, you may be able to produce a local backup even if the phone is locked by using a pairing record extracted from a trusted computer."

He added: "If you are able to break the password, you'll be able to decrypt the entire content of the backup including the keychain. At this time, logical acquisition remains the only acquisition option available for iPhone 5s, 6/6 Plus, 6s/6s Plus and 7/7 Plus running iOS 10 that offers access to device keychain."

According to Afonin, the flaws also mean cracking efforts against iOS 10 backups are 2,500 times faster compared to similar efforts against iOS 9, and if a cyber crook is successful, the attack will grant access to device keychains.

Apple said it is currently looking to release a patch to fix the problem, and will address the flaws in an upcoming security update, adding that it did not affect iCloud backups.

"We're aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC," said Apple in a statement. "We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorised users. Additional security is also available with FileVault whole disk encryption."
