iOS 10 Backup Weakness and How to Check It!

Researchers have discovered that the newly released iOS 10 seems to have a weakness in its security mechanisms, which skips certain security checks, potentially allowing unauthorized access to localized backups. If one lunches brute force attack, one can get the correct password up to 2,500 times faster iOS 9. This serious flaw was discovered by Moscow-Based ElcomSoft, and it involves local password-protected iTunes Backups.

Part 1: What is the iOS 10 backup weakness?

According to ElcomSoft, a well-known Moscow-based forensics company , iOS can easily be cracked using brute-force technique—where different combination of passwords are used to test whether a password-protected system can be accessed. In this case, what happened is that ElcomSoft, started testing the security of iOS as soon as it was out. It used Intel CO i5 CPU in the cracking efforts.

Surprisingly, locally backed-up data on iTunes was cracked 2,500 times faster in iOS 10 than iOS 9. That was about 6 million password guesses per second. According to the company, there is always a 80-90% chance of guessing the right passwords using its tool. What is even more worrying is the fact that anyone can easily buy the tool.

ios 10 backup weakness

Part 2: How to check iOS 10 backup weakness

So now the question is, how can one check iOS 10 backup weakness? First of all, it is important to note that Apple apparently used weaker hashing algorithm for local backups of iPhone fines stored on ones PC. The hashing algorithms are supposed to convert plain text into a hash—a string of letters and numbers. So password crackers normally attempt to make out the output or hash of the password and match it with plain text. That said, it therefore seems that the algorithm isn’t too complex for a password cracker to match its hash.

To put this into perspective, in iOS 9 and other earlier versions of iOS, Apple used an algorithm known as PBKDF2. This algorithm requires the hacker to run the password through it about 10,000 times and repeat that process for as long as the match is found. This means that one will have to do the iterations several billion times before getting a match. iOS 10 on the other hand uses SHA256 that requires just one iteration. That means a hacker with faster process only need to try one password once and repeated the process a few times to find a match. In short, this is not a good choice.

The good news is that Apple is aware of the issue and is working on it. As of now, the only way users can protect themselves is by using strong passwords that cannot be cracked through brute force technique. It is also important to note that the vulnerability is limited to iOS 10 local password-protected backups on iTunes. And we can also use a tool to veiw and check our iTunes backup. dr.fone - iPhone Data Recovery is such a powerful tool which enables users to directly view and check iTunes backup files on their computer. And we can try this tool to check our iOS 10 backups for security purposes.

dr.fone - iPhone Data Recovery

Check and view iTunes backup directly on the computer.

  • Allows you to view and check iTunes and iCloud backup.
  • Selectively preview and extract photos, contacts, messages, music and more from iTunes backup.
  • Restore any data you want from iTunes backup, iCloud backup.
  • Supports iDevices from iPhone 7 to iPhone 3GS that runs iOS 10/9/8/7 fully!
Available on: Windows Mac
3981454 people have downloaded it

How to check and view iTunes backup directly on your computer?

Step 1. Launch dr.fone on your iPhone.

Step 2. Click "Recover from iTunes Backup File". After clicking that, your iTunes backup will be detected on your PC and displayed on the window. You can then choose the ones you need to recover based on the date they were created.

itunes backup weakness ios 10

Step 3. Scan iTunes backup files data

Select the specific iTunes backup files data you need to recover and click "Start Scan". Give it a few minutes to get all the information from iTunes backup.

Step 4. View and check the data

Once all the selected data has been extracted and shown in the respective categories, you can preview them and check if they are existed. If needed, you can selectively recover the selected data to your device or computer by hitting the "Recover to Device" or "Recover to Computer" button as shown above.

ios 10 backup weakness

Part 3: Tips on how to protect your backups

ios 10 backup weakness tips

It is important that you ensure the security of your backup data is guaranteed. Backups are very essential when it comes to data management. However, failure to ensure security of data backups can be a sources of frustrations. As a matter of fact, a large percentage of security breaches can be attributed to mishandling and mismanagement of data backups. Here are some tips to ensure your data is protected:

• Choose strong passwords. Avoid simple or obvious passwords such as passwords containing your names, year birth or contact number. Also avoid simple English name passwords such as river, power, were etc.

• Limit the physical access of your devices to unauthorized parties. It is more difficult for someone to crack your password if they don’t have the phone.

• Use cloud services like iTunes and iCoud. The best way to ensure that a copy of your most important data is sheltered from tragic event such as losing your iPhone is backing up your data to a cloud storage platform such as iCloud and iTunes.

• Never share your passwords.

Whether you are using iOS 10 or earlier versions, it is important to ensure you are using a strong password when it comes to protecting your iTunes backup files.

They're downloading

dr.fone - Recover (iOS)

dr.fone - Recover (iOS)

Recover deleted data from iOS devices, iTunes and iCloud backup files.

dr.fone - Repair (iOS)

dr.fone - Repair (iOS)

Repair your iOS system issues at home, without data loss.

Product-related questions? Speak directly to our Support Team >>

Hot Articles
Home > How-to > iOS 10 > iOS 10 Backup Weakness and How to Check It!