A security update is coming to the iOS 10 in order to patch up some flaws, says Apple. The weakness allowed hackers to obtain user’s passwords and other sensitive information. The security flaw was said to have been discovered by the contentious Elcomsoft, a Russian forensics company.
Apple admits that had mistakenly created the flaw when they had placed an additional security feature on the iPhone. The mobile phone company had implemented an alternate password authentication system on the iOS 10. Unwittingly, this feature injured the phones security measures for local backups.
Elcomsoft, however, insisted that this security flaw that they found on the iOS 10 is a major setback for Apple. The Russian company provides iPhone testing tools for all iPhone users.
Researchers contest that the new password protection system for the iOS 10 uses simpler data structures than its predecessor. The previous method uses secure hash codes and about ten thousand assignments to conceal password and user account information. Meanwhile, the new method only has a single assignment for such function. This enables the cyber crook to easily crack the system and steal user’s private information.
Elcomsoft refutes that they had milked on the system’s weakness to foster the attack which allowed it to sidestep some security measures when they were listing passwords that protect these local backups for iTunes created by the iOS 10.
A researcher from Elcomsoft, Oleg Afonin, wrote a post in his blog about this problem with iOS 10. He said that the effect of this vulnerability is deeply intense. The violent attack allowed the Russian developers to use those passwords more than two thousand times quicker than in iOS 9 when wage only on the CPU of the device.
Hackers would find the new password protection method for the iOS acceptable it operates on slow speed. This makes it easy for them to crack the device knowing that iPhone and iOS are famous for its firm security measures.
It is still difficult to hack the iPhone server. Even if you have access to the individual’s computer or have obtained his Apple ID and password, you still need to break the keychain before you can get in.
The keychain is Apple’s additional storage protection mechanism. It offers double security for your iOS device because it stores encrypted passwords not only on the device but also in a secure domain. Obtaining passwords and other login credentials through iTunes backups is, for now, the only way for hackers to crack this keychain. However, if a hacker succeeds in this venture, he will be able to retrieve all the vital information that can allow him to vandalize the user’s account.
Apple assures that they are already aware of this pressing issue and will be providing a security update to fix the problem.
