Security researchers at Elcomsoft
have discovered that iOS 10's local encrypted backups (that is, the
ones you create in iTunes) use an older password protection algorithm
that's much easier to crack than the one used in iOS 9 -- about 2,500
times easier, according to the team. If intruders can get to your iTunes
backups and use a brute force cracking tool, they could have a much
simpler time breaking the security and getting access to sensitive info
like account passwords or your Health app data.
The new security check is approximately 2,500 times weaker compared to the old one that was used in iOS 9 backups. At this time, we are getting these speeds:
- iOS 9 (CPU): 2,400 passwords per second (Intel i5)
- iOS 9 (GPU): 150,000 passwords per second (NVIDIA GTX 1080)
- iOS 10 (CPU): 6,000,000 passwords per second (Intel i5)
Apple tells Fortune that it's planning to toughen up security in an "upcoming security update." It also stresses that this won't affect your iCloud backups, and that using full disk encryption on your computer (such as macOS' FileVault) can add some extra security in the meantime. You can read the full statement below.
The likelihood of someone both hijacking your computer and knowing that there's iOS data to swipe is rather slim, so you might not want to chuck out your local backups just yet. However, you'll definitely want to be careful about doing things that could compromise your computer, such as leaving it in a public space or running it without a tough-to-guess password.
"We're aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups. We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption."
source: Fortune, Elcomsoft