iOS 10 Found To Lack Security Checks Against Brute-Force Attacks

Apple released iOS 10 last week to iPhone and iPad users excited over the prospect of new features coming to their devices. However, the Cupertino tech giant may have forgotten to mention what the iOS 9 successor does not come with.

Apparently, Russian cybersecurity firm Elcomsoft has found out that the iOS 10 is lacking some implementations that could make it safe against hackers. The firm discovered recently that iOS 10 does not come with certain security checks that are present in iOS 9, as per Phone Arena.

The absence of security checks is said to make iOS 10-running devices an easy target of brute-force password attacks. This type of attack involves hackers trying out passwords by characters until getting the right one that would make the device vulnerable, as per Phone Arena.

Elcomsoft stated on its blog that with iOS 10’s new password verification mechanism for backups, hackers can penetrate devices using random phrases and character combinations at least 2,500 times faster than iOS 9 and older OS iterations.

The Russian firm clarified that iOS 10’s shortcomings are only applicable to backups, which can only be hacked if the hacker has local or remote access to the mobile device, personal computer or Apple account credentials of a user.

Another issue that was recently uncovered is the downgrade of the hashing algorithm for iOS 10. Security researcher Per Thorsheim, the CEO of security firm God Praksis, said that from SHA1 with 10K iterations, Apple downgraded the algorithm to plain SHA256 with a single iteration.

The downgrade makes it possible for an attacker with a common desktop computer processor to brute-force a password. Phone Arena has learned that with the weaker security, brute-force attacks on iOS 10 backups have a 40 times faster success rate than on iOS 9 backups.

Thorsheim told Threat Post that the changes Apple implemented in iOS’s password protection mechanism is a “massive weakening of security and privacy.” He also added: “I can’t see any reasonable logical explanation why Apple would have done this. This must be a bug on Apple’s part.”

To reiterate just how bad the situation is, Elcomsoft’s Oleg Afonin explained that when jailbreaking a 64-bit iOS device, hackers would still not have the advantage of extracting decryption keys for Keychain, which contains password or authentication tokens to applications and security services that require authentication credentials.

With iOS 10, Alfonin stressed that hackers can have access to the operating system’s backups, enabling them to extract and decrypt Keychain data.

Apple has yet to react to reports about its alleged less secure mobile operating system.