Apple has introduced a "severe" flaw in its newly-released iOS 10 operating system that leaves backup data vulnerable to password-cracking tools, according to researchers at a smartphone forensics company that specializes in unlocking iPhones.
In a blog post published Friday by Elcomsoft, a Russian company that makes software to help law enforcement agencies access data from mobile devices, researcher Oleg Afonin showed that changes in the way local backup files are protected in iOS 10 has left backups dramatically more susceptible to password-cracking attempts than those produced by previous versions of Apple's operating system.
Specifically, the company found that iOS 10 backups saved locally to a computer via iTunes allow password-cracking tools to try different password combinations at a rate of 6,000,000 attempts per second, more than 40 times faster than with backups created by iOS 9. Elcomsoft says this is due to Apple implementing a weaker password verification method than the one protecting backup data in previous versions. That means that cops and tech-savvy criminals could much more quickly and easily gain access to data from locally-stored iOS 10 backups than those produced by older versions.
Being a company known for breaking into iPhones, Elcomsoft unsurprisingly did not disclose the vulnerability to Apple before publishing its blog. But CEO Vladimir Katalov told Motherboard that his company responded to Apple's security team after it requested more information about the bug through the company's online support system early Friday morning.
"Apple is definitely aware they have implemented [the flaw] themselves :)" Katalov told Motherboard in an email.
An Apple spokesperson confirmed that the company is working on a fix.
"We're aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update," the spokesperson said in a statement. "This does not affect iCloud backups. We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption."
The flaw could be a huge boon for law enforcement, spies, and sophisticated criminals who are able to gain possession of a victim's iOS backup file. While iOS devices themselves are known for having fairly solid security backed by a hardware module called the Secure Enclave, one of the remaining avenues of attack is to trigger a device to backup either to iCloud or a local computer, where data enjoys far less protection.
Normally, local backups are protected by a user's password. But in iOS 10, Apple has implemented a weaker hashing algorithm—a function used to verify and store passwords in an unrecognizable format. This allows police and hackers to more easily "brute force" the backup file's password by having a piece of forensics software guess millions of different passwords per second until it finds one that matches the stored hash.
Using an Intel i5 processor, Elcomsoft says it was able to guess passwords on iOS 10 backups 2,500 times faster than using the same hardware against an iOS 9 backup. That same processor was still 40 times faster than using a top-of-the-line graphics processor to brute force passwords on backups created by iOS 9. (Elcomsoft doesn't support GPU-based password cracking yet on iOS 10, but it should increase the speed even more once it becomes available.)
When compounded with lists of commonly-used passwords, Elcomsoft says the amount of time it takes to crack an iOS 10 backup's password can be reduced even further. Once an attacker has unlocked the backup, they can gain complete access to the device's data in its saved state—including the keychain, a file that's normally impossible to retrieve from the physical device which stores all the user's logins and passwords.
For its part, Apple at least seems interested in issuing a fix. But given the various pieces of software involved, it remains unclear how long it would take to roll out.
"The fix itself is probably not so easy, because that hash might be used for some other purposes we are not aware of," Katalov told Motherboard in an email. "So I guess that not just iOS update is needed, but also iTunes update as well, and probably some changes to the backup format."
UPDATE: Sept. 23, 5:50 p.m. ET: This story has been updated to include Apple's statement. Also, a previous version of this article mentioned rainbow tables as a method for determining a backup file's password, however rainbow tables would in fact not be usable in this case.