A Russian company that produces phone-cracking technology is warning that iOS 11 changed the way data on iPhones and iPads is encrypted, and that the change leaves the information more vulnerable to certain types of attacks.
ElcomSoft, the Moscow-based creator of password recovery and decryption tools that are used by law enforcement to crack locked devices, published a blog post detailing how the latest version of Apple’s mobile operating system has traded in security for convenience.
According to Oleg Afonin, a security researcher and digital forensics expert at ElcomSoft, a person attempting to gain access to an iPhone or iPad typically has two challenges: gaining access to the physical device itself and knowing the passcode to unlock the device.
Prior to the release of iOS 11, even simply knowing the passcode would not necessarily expose all of the data on the device to the attacker, as the encrypted backup of the device was protected with a password set by the user.
That password used to be required every time a user wanted to interact with a backup, even if accessing it on another device like a Mac or PC. The password was linked to the iOS device, so even if the device was connected to a fresh version of iTunes and a backup was created, the person would need to know the password first made on the iPhone or iPad to access that data.
Attempts to change the password had to be done through iOS, which required entering the original password first to confirm the change. The only way to clear the password completely was to perform a factory reset, which would wipe out the encrypted backup and defeat the whole endeavor.
That set of well-aligned security levers served as a simple but multi-layered system that made accessing an iOS device’s data next to impossible without knowing both the passcode and the backup password. Afonin called it “the most secure mobile ecosystem on the market.”
As of iOS 11, that system of layered security was simplified in a way that makes data more accessible to attackers. The backup password can now be reset on the device, and an encrypted backup can then be made, protected by the new password set by the attacker. Essentially, cracking the passcode is now enough to gain complete access to data on an iOS device.
Apple documented the removal of the redundancies, suggesting it was an intentional design choice rather than a mistake or a bug. The decision, Afonin states, is likely the result of trying to make the user’s life easier, but it comes at the expense of a valuable layer of protection.
Remembering a password may be a pain—especially one that is rarely used—and it may be safe to assume in many cases that the person who unlocked the iPhone with a passcode is the device’s genuine owner and not an attacker, but it does make data less secure.
The change isn’t likely to directly affect that many users, and the old system had flaws of its own (people often create insecure passwords or reuse passwords), but it is an important change to note for the particularly security-minded. It is a trade-off that most are likely to be willing to accept, but it is also a step back for a company that insists it takes security seriously.