News

‘Crack iOS 10 backup passwords significantly faster than iOS 9’

By admin
Spread the love

Elcomsoft has found a vulnerability in the password authentication mechanism that iOS 10 uses for backups. According to the company, this ensures that passwords for offline backups of iPhones and iPads with iOS 10 can be verified significantly faster.

Elcomsoft claims to have discovered an ‘alternative verification mechanism’ for iOS10 backups, which ‘skips certain security checks’. The company does not go into details about the method, but does state that the old way of cracking passwords with offline backups also works.

With the new method, passwords in iOS 10 could be verified twenty-five hundred times faster than in iOS 9, using a system with an Intel Core i5 processor. The exploit would even work forty times faster on a CPU than the old method with iOS 9 on a system with Nvidia GTX 1080. For password cracking, video cards are usually used because of the greater parallel computing power compared to CPUs. Elcomsoft does not yet have GPU support for the new cracking method. Once it is there, even faster cracking would be possible.

Already, a password for iOS 10 backups of six randomly chosen lowercase alphanumeric characters can be cracked in minutes, the company claims. “Add a character and it can still be brute-forced in hours,” says Elcomsoft. Cracking a seven-character password on iOS 9 would take nearly a week.

Elcomsoft is a Russian company that specializes in forensic investigations in the ICT field. The company states that the security of iOS has been greatly increased since version 8 and that ‘logical acquisition’ is in fact the only remaining way to crack passwords. In this case, a complete copy of the contents of the iOS device is saved as a backup, in order to be able to perform a password analysis with tools. Elcomsoft develops such a tool itself: the Phone Breaker. After cracking the password, the entire contents of such a device are available, including the Keychain, in which Apple stores passwords and authentication tokens for services and sites.

You might also like
News

Google is serious about ending passwords: ‘passkeys’ are becoming the…

News

Apple has been working on its own search engine for years. It’s called…

News

Rumor: Apple is working on its own applications based on a large language model

News

Netflix is ​​also discontinuing the Basic subscription in the US and UK

News

EU Council determines position on security requirements for digital products

News

Zeeland power grid is full, grid operator stops new requests from major consumers