Forensics firm says iOS 10 skips certain security authentications

A Russian mobile forensics company said the iPhone's most recent operating system has weaker password protection for manual iTunes backups than earlier operating systems. Apple's newest iPhone operating system, iOS 10, uses a different password verification mechanism that omits certain security authentications, according to the firm, Elcomsoft.

Oleg Afonin, a researcher at the firm, said in a Friday blog post that the security weakness has a “severe” impact, allowing the team to attempt passwords as much as 2,500 times faster than the prior verification mechanism.

That rate required that the company use its Elcomsoft Phone Breaker 6.10 update. “Since this is all too new, there is no GPU acceleration support for the new attack,” Afonin wrote. “However, even without GPU acceleration the new method works 40 times faster compared to the old method *with* GPU acceleration.”

The verification mechanism used by iOS 9 and older made it more difficult to crack logins for local iTunes backups, he wrote.

Sign up to our newsletters