Apple’s latest mobile operating system, iOS 10, contains a significant security flaw that could compromise locally-stored device backups, according to a Russian firm that sells iPhone hacking software.
According to Elcomsoft, Apple introduced an “alternative password verification mechanism” in iOS 10 that “skips certain security checks” during the backup process. Because of this flaw, Elcomsoft could brute-force backup passwords 2,500 times faster than on iOS 9, severely weakening manual backups made through iTunes.
Using an Intel i5 CPU, the company was able to test six million passwords per second. The same CPU targeting iOS 9 backups could only manage 2,400 password guesses per second. This new, much weaker verification method exists only in iOS 10; strangely, though, the older and stronger mechanism used by iOS 9 and earlier is still present in iOS 10 alongside it, Elcomsoft said.
Security researcher Per Thorsheim also looked into the flaw, and found that a password hashing algorithm was to blame. “Specifically they have changed from pbkdf2(sha1) with 10,000 iterations into using a plain sha256 hash with a single iteration only,” he wrote. “The change is so devastating that an early cpu-only cracking implementation is almost 40-times faster than a fully optimized GPU implementation for the old pbkdf2 version.”
“The interesting question for Apple to answer,” Thorsheim added, “is whether this massive weakening of your security and privacy is intentional, if it is a stupid glitch, or is it clueless crypto/developers?”
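To make Thorsheim's comparison concrete, the following added example (not code from the article, Elcomsoft, Apple or Thorsheim) times a PBKDF2-HMAC-SHA1 verifier with 10,000 iterations against a single SHA-256 over a constructed password; the salt, the test password and the exact way the hash is laid out are assumptions, not Apple's actual backup format.

```python
import hashlib
import hmac
import os
import time

# Constructed sample values; nothing here comes from a real iOS backup.
SALT = os.urandom(16)
PBKDF2_ITERATIONS = 10_000   # the iOS 9 style parameters Thorsheim quotes
CANDIDATES = 200             # wrong guesses timed per measurement


def verifier_ios9(password: str, salt: bytes = SALT) -> bytes:
    """Slow verifier: PBKDF2-HMAC-SHA1, 10,000 iterations (iOS 9 style)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def verifier_ios10(password: str, salt: bytes = SALT) -> bytes:
    """Fast verifier: one plain SHA-256 (the iOS 10 weakening).
    Salting is an assumption; it does not change the per-guess cost."""
    return hashlib.sha256(salt + password.encode()).digest()


def check(verifier, stored: bytes, guess: str) -> bool:
    """Constant-time comparison of one guess against the stored verifier value."""
    return hmac.compare_digest(verifier(guess), stored)


def seconds_per_guess(verifier, stored: bytes, n: int = CANDIDATES) -> float:
    """Average cost of one password check, measured over n wrong guesses."""
    guesses = [f"wrong-{i:06d}" for i in range(n)]
    start = time.perf_counter()
    for g in guesses:
        check(verifier, stored, g)
    return (time.perf_counter() - start) / n


def slowdown_factor() -> float:
    """How many times more expensive an iOS 9 style check is than the iOS 10 one."""
    real = "correct horse battery staple"   # constructed test password
    stored9 = verifier_ios9(real)
    stored10 = verifier_ios10(real)
    assert check(verifier_ios9, stored9, real) and check(verifier_ios10, stored10, real)
    return (seconds_per_guess(verifier_ios9, stored9)
            / seconds_per_guess(verifier_ios10, stored10))


if __name__ == "__main__":
    print(f"iOS 9-style verification costs {slowdown_factor():.0f}x more per guess")
```

The measured factor is hardware-dependent, but it is consistently in the thousands, which is the point of the article: a single unsalted or salted hash iteration gives an attacker that many more guesses per second for free.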
What’s particularly worrying about this flaw is that it could potentially give attackers access to information stored in a user’s Apple Keychain, including passwords, credit card details and Wi-Fi network credentials. At the moment, this technique appears to be the only practical way of accessing the Keychain, as iPhones, iPads and iCloud are all considered too secure, Elcomsoft said.
“Keychain is Apple’s protected storage that is additionally encrypted on a file level (on top of the already active full-disk encryption that works on a block level). While stored on the device, the keychain is encrypted with a key that is buried deep in Secure Enclave. Even if you can jailbreak a 64-bit iOS device (iPhone 5s and newer), you would still be unable to extract decryption keys for the keychain,” Elcomsoft’s Oleg Afonin wrote.
“Logical acquisition (via password-protected iTunes backups) is currently the only way to extract and decrypt keychain data out of an iOS 10 device,” he added.
Apple confirmed to Forbes that it was aware of the issue and was working on a fix. “We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups.”
“We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption,” Apple’s statement added.