iTunes backup vulnerability: What you need to know!

Researchers claim new iTunes backup hash for iOS 10 iPhones and iPads easier to brute force than previous hash.
It looks like Apple added a new password verification system for encrypted iOS 10 device backups made by iTunes on Mac or Windows. It exists in parallel to the previous one, which uses a PBKDF2 algorithm, but the new one uses SHA256 instead. That, according to researchers, makes it easier for someone with physical access to your computer, if logged in, to brute force the password and access your data.
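The cost gap between a stretched and an unstretched password check, and why two checks kept in parallel are only as strong as the cheaper one, shown as an added example (not code from the article, Apple or Elcomsoft). The iteration count, salt, PBKDF2 hash and all function names are assumptions for illustration, not the real backup format.

```python
import hashlib
import hmac
import os
import time

# Assumptions for illustration only; the page gives no real parameters.
PBKDF2_ITERATIONS = 10_000      # assumed work factor
SALT = os.urandom(16)           # constructed sample salt

def slow_verifier(password: bytes) -> bytes:
    """Stretched check: each guess costs PBKDF2_ITERATIONS HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha256", password, SALT, PBKDF2_ITERATIONS)

def fast_verifier(password: bytes) -> bytes:
    """Unstretched check: each guess costs a single salted SHA-256."""
    return hashlib.sha256(SALT + password).digest()

def check(candidate: bytes, stored: bytes, derive) -> bool:
    """Constant-time comparison of a candidate against a stored verifier."""
    return hmac.compare_digest(derive(candidate), stored)

def seconds_per_check(derive, rounds: int) -> float:
    """Average wall-clock cost of one password check."""
    start = time.perf_counter()
    for i in range(rounds):
        derive(b"candidate-%d" % i)
    return (time.perf_counter() - start) / rounds

def measure() -> dict:
    """Time both verifiers; far fewer rounds are needed for the slow one."""
    return {
        "pbkdf2": seconds_per_check(slow_verifier, 20),
        "sha256": seconds_per_check(fast_verifier, 20_000),
    }

def weakest_link(costs: dict) -> str:
    """Verifiers stored in parallel protect the same password, so the
    cheapest one sets the effective work factor."""
    return min(costs, key=costs.get)

if __name__ == "__main__":
    costs = measure()
    print(f"pbkdf2: {costs['pbkdf2']:.6f} s/check")
    print(f"sha256: {costs['sha256']:.9f} s/check")
    print(f"ratio : {costs['pbkdf2'] / costs['sha256']:.0f}x")
    print(f"effective protection: {weakest_link(costs)}")
```

The measured ratio depends on the machine and the assumed iteration count, so it will not match the figure quoted from Elcomsoft below.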
What happened exactly?
Here's the deal, straight from Elcomsoft:
When working on an iOS 10 update for Elcomsoft Phone Breaker, we discovered an alternative password verification mechanism added to iOS 10 backups. We looked into it, and found out that the new mechanism skips certain security checks, allowing us to try passwords approximately 2500 times faster compared to the old mechanism used in iOS 9 and older.
This new vector of attack is specific to password-protected local b...