iOS 10 Vulnerability Makes Bruteforcing Backup Passwords Up To 2,500 Times Faster (Updated)

ElcomSoft, a Russian digital forensics and IT security firm, announced that it found a flaw in iOS 10’s backup password mechanism that allows its password-cracking tools to bruteforce a password 2,500 times faster than was possible against the old iOS 9 mechanism.

iOS 10's Backup Password Mechanism Vulnerability

The firm said that Apple introduced a secondary password verification mechanism for local backups that existed in parallel to the old mechanism. However, the new system allows password-cracking tools to skip certain security checks, and thus bruteforce passwords 2,500 times faster.

The most modern password-cracking tools, including ElcomSoft’s own “Phone Breaker,” use GPU acceleration to bruteforce passwords. However, because the company has just learned about this iOS 10 flaw, it has only had time to update the CPU-only version of its tools. Even so, CPU-only bruteforcing against iOS 10 is still 40 times faster than GPU-accelerated bruteforcing against iOS 9.

Backup Passwords, An Easy Target

According to ElcomSoft, its tools now focus on breaking the security of backups because iOS has become increasingly secure, and there are fewer and fewer ways to break into the system and extract its data. Backups remain the easiest vector for now.

Breaking the backup password also gives access to keychain data such as app passwords, authentication tokens, credit card information, Wi-Fi network information, and any other sensitive information that app developers may have thought needs to be stored securely.

Normally the keychain data is encrypted and the key is stored in the Secure Enclave, which can’t be easily hacked. According to ElcomSoft, even if you jailbreak a 64-bit iPhone, you can’t extract the key from the Secure Enclave. However, if you break the backup password, you would be able to decrypt keychain data on an iOS 10 device.

Six Million Passwords Per Second

When testing the new bruteforcing method that takes advantage of iOS 10’s new backup password verification mechanism, ElcomSoft said that it achieved the following results:

iOS 9 (CPU): 2,400 passwords per second (Intel i5)
iOS 9 (GPU): 150,000 passwords per second (NVIDIA GTX 1080)
iOS 10 (CPU): 6,000,000 passwords per second (Intel i5)

Despite the fact that a single dual core Intel Core i5 CPU was being used, ElcomSoft could still try six million passwords every second. If GPU acceleration were enabled, it’s likely that the tool could bruteforce passwords even faster.
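To read these rates from the defender's side, the following added example (not from ElcomSoft or the original article) computes how long a uniformly random backup password must be so that exhausting its keyspace takes at least a target time at each reported rate. The alphabet sizes and the 100-year target are assumptions chosen for illustration; human-chosen passwords built from common words fall far sooner than these worst-case figures.

```python
import math

# Guessing rates reported in the article (passwords per second).
RATES = {
    "iOS 9 (CPU)": 2_400,
    "iOS 9 (GPU)": 150_000,
    "iOS 10 (CPU)": 6_000_000,
}
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed sample policies (assumption): policy name -> alphabet size.
ALPHABETS = {"digits": 10, "lowercase": 26, "alphanumeric": 62, "printable ASCII": 94}


def years_to_exhaust(alphabet: int, length: int, rate: float) -> float:
    """Worst-case years to try every password of exactly `length` characters."""
    return alphabet ** length / rate / SECONDS_PER_YEAR


def min_length(alphabet: int, rate: float, target_years: float) -> int:
    """Shortest random password whose full keyspace takes >= target_years."""
    guesses = rate * SECONDS_PER_YEAR * target_years
    length = max(1, math.ceil(math.log(guesses, alphabet)))
    # Correct any floating-point rounding at the boundary using exact integers.
    while alphabet ** length < guesses:
        length += 1
    while length > 1 and alphabet ** (length - 1) >= guesses:
        length -= 1
    return length


def report(target_years: float = 100.0) -> dict:
    """Minimum length per policy and per rate for the given target."""
    return {
        policy: {name: min_length(size, rate, target_years)
                 for name, rate in RATES.items()}
        for policy, size in ALPHABETS.items()
    }


if __name__ == "__main__":
    for policy, row in report().items():
        cells = ", ".join(f"{name}: {n} chars" for name, n in row.items())
        print(f"{policy:16s} {cells}")
```

The 2,500-fold speedup costs a random printable-ASCII password about two characters of margin and a numeric one about four, which is why length matters more here than the character classes used.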

Updated, 9/23/2016, 2:35pm PT: Apple responded to our request for comment with the following statement:

"We're aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC," said an Apple spokesperson. "We are addressing this issue in an upcoming security update. This does not affect iCloud backups. We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption," he added.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • Felix_20
    A 12 character password with lower case, upper case, digit and special character (&PassWord10&) would still take 26 385 years to crack @ 6 000 000pwd/sec. Just use a strong password, end of the story.
  • derekullo
    "Despite the fact that a single dual core Intel Core i5 CPU was being used"

    Thought all i5 were quad core, at least for desktop when Intel isn't trying to confuse laptop users.

    I could disable 2 of the cores of an i5, but what would be the point?
  • Superman_
    Dude, do you even use a 12 character password with lower case, upper case, digit and special character (&PassWord10&) on your phone???
  • Felix_20
    Of course! I use a strong password to lock my phone and iCloud account then Touch ID :)
  • tom10167
    Lucian is still my favorite writer on this site but thinking an i5 is a dual core (it's 2016!) is pretty bad.
  • memadmax
    All of my passwords have an uppercase, a number, and a special in it.... The rest of it is common words however in order to ease memorization...
    Even then it would take 3 million years to crack my password:
  • jverboon
    @tom10167 or it was a mobile i5...