Apple has been working on a security update in the fight against brute-force attacks on iPhone backups.
Its beta version of iOS 10.2 – which is now available to developers – will have even more stringent password protections, according to security blogger Graham Cluley.
Apple had released iOS 10.1 in response to a Russian security firm pointing out that local backups of users' password-protected iTunes files were susceptible to brute-force attacks on iOS 10. It was found that backup passwords on iOS 10 were 2,500 times faster to crack than on the previous operating system.
Mr Cluley pointed out on tripwire.com that this increase in speed means “the difference between taking a year to brute-force your backup’s password… and taking three hours”.
The DigiDNA team, responsible for the iMazing iOS backup tool, said that “it looks like this new version will feature much stronger encryption of local backups”.
They went on to say that it reflected Apple’s “commitment to data security and user privacy, and is in part a reaction to the multiplication of affordable and easy to use 3rd party software solutions which offer tools to hack passwords of local iOS backups”.
DigiDNA said that Apple’s backup encryption protocols have remained the same since iOS 4 was released. However, with the launch of iOS 10, Apple changed its format, adding encryption to file metadata in the backup database.
With the upcoming release of iOS 10.2, Apple will encrypt the entire backup database. It will also make validating a user password more demanding in terms of processing power, requiring many more iterations to generate the derived key.
According to DigiDNA, a “user’s password is safer than ever, taking the better part of a 1,000 years for our hypothetical hacker to crack”.