The New iOS 10 Update Has Been Found To Lack Security: Update At Your Own Risk

iOS 10 Found To Lack Security Checks Against Brute-Force Attacks

Apple released iOS 10 last week to iPhone and iPad users excited over the prospect of new features coming to their devices. However, the Cupertino tech giant may have forgotten to mention what the iOS 9 successor does not come with. 

iOS 10 was released last week to iPhone and iPad users, who were happy with the update, but the new version apparently lacks some implementations that would make it safe against hackers.

This was discovered by the Russian cyber-security firm Elcomsoft. The firm recently found that iOS 10 does not come with certain security checks that are present in iOS 9, as per Phone Arena.

What is missing in iOS 10 is these security checks. Their absence is said to make the devices an easy target for brute-force password attacks, in which hackers try out passwords character by character until they get the right one.

The changes Apple implemented in iOS’s password protection mechanism are a “massive weakening of security and privacy.” “I can’t see any reasonable logical explanation why Apple would have done this. This must be a bug on Apple’s part,” Thorsheim told Threat Post.

Elcomsoft’s Oleg Afonin explained that when jailbreaking a 64-bit iOS device, hackers would still not have the advantage of extracting decryption keys for Keychain, which contains password or authentication tokens to applications and security services that require authentication credentials. 

With iOS 10’s new password verification mechanism for backups, hackers can penetrate devices using random phrases and character combinations at least 2,500 times faster than on iOS 9 and older OS iterations, Elcomsoft stated on its blog. With the weaker security, brute-force attacks on iOS 10 backups have a 40 times faster success rate than on iOS 9 backups.

iOS 10’s shortcomings are only applicable to backups, which can only be hacked if the hacker has local or remote access to the mobile device, personal computer or Apple account credentials of a user, according to the Russian firm.

According to security researcher Per Thorsheim, the CEO of security firm God Praksis, Apple downgraded the hashing algorithm in iOS 10 from SHA1 with 10k iterations to plain SHA256 with a single iteration. This downgrade

All of this leads to hackers having access to the operating system’s backups, enabling them to extract and decrypt Keychain data.
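
The cost difference between the two hashing schemes named above can be measured directly. The following Python sketch is an added example, not Apple's or Elcomsoft's code: it assumes "SHA1 with 10k iterations" can be modelled as PBKDF2-HMAC-SHA1 and that the single SHA256 is salted, and the salt and password are constructed sample values.

```python
import hashlib
import time

# Constructed sample inputs; not taken from any real backup.
SALT = bytes(range(16))
PASSWORD = b"example-backup-password"


def check_iterated(password: bytes, salt: bytes, iterations: int = 10_000) -> bytes:
    """One password check under the older scheme.
    Assumption: 'SHA1 with 10k iterations' is modelled as PBKDF2-HMAC-SHA1."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations)


def check_single(password: bytes, salt: bytes) -> bytes:
    """One password check under the newer scheme: a single SHA-256.
    Assumption: the salt is simply prepended to the password."""
    return hashlib.sha256(salt + password).digest()


def seconds_per_check(check, rounds: int) -> float:
    """Average wall-clock cost of one password check."""
    start = time.perf_counter()
    for _ in range(rounds):
        check(PASSWORD, SALT)
    return (time.perf_counter() - start) / rounds


def measured_slowdown() -> float:
    """How many times more expensive an iterated check is than a single hash."""
    return seconds_per_check(check_iterated, 20) / seconds_per_check(check_single, 20_000)


def days_to_cover(keyspace: int, per_check_seconds: float) -> float:
    """Time needed to test every password in a keyspace at a given cost per check."""
    return keyspace * per_check_seconds / 86_400


if __name__ == "__main__":
    slow = seconds_per_check(check_iterated, 20)
    fast = seconds_per_check(check_single, 20_000)
    keyspace = 36 ** 6  # six characters drawn from a-z and 0-9
    print(f"iterated: {slow * 1e3:.3f} ms/check, single: {fast * 1e6:.3f} us/check")
    print(f"cost factor: {slow / fast:,.0f}x")
    print(f"36^6 keyspace: {days_to_cover(keyspace, slow):.2f} days "
          f"vs {days_to_cover(keyspace, fast):.4f} days")
```

The measured factor depends on the machine and applies to one CPU core; it illustrates why the iteration count, not the hash function's name, sets the cost of each guess.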
