Apple has acknowledged claims that iOS 10 has weaker password security for local backups and promised it is looking into a fix, Forbes reports. Russian forensics company Elcomsoft discovered that the new iOS uses weaker password protection than previous versions when it comes to manual backups via iTunes. “We discovered an alternative password verification mechanism added to iOS 10 backups,” Elcomsoft’s Oleg Afonin wrote in a blog post. “We looked into it and found out that the new mechanism skips certain security checks, allowing us to try passwords approximately 2500 times faster compared to the old mechanism used in iOS 9 and older.”
The issue only affects local backups, so a hacker would need access to the user’s backup computer to make the attempt to gain access. Apple confirmed it would address the issue in an upcoming security update, but noted the problem doesn’t affect iCloud backups. “We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users,” Apple said. The company added in its statement, “Additional security is also available with FileVault whole disk encryption.”
