ElcomSoft, a Russian digital forensics and IT security firm, announced that it found a flaw in iOS 10’s backup password mechanism that allows its password cracking tools to bruteforce a password 2,500 times faster compared to when the old iOS 9 mechanism was being used.
iOS 10's Backup Password Mechanism Vulnerability
The firm said that Apple introduced a secondary password verification mechanism for local backups that existed in parallel to the old mechanism. However, the new system allows password-cracking tools to skip certain security checks, and thus bruteforce passwords 2,500 times faster.
The most modern password-cracking tools, including ElcomSoft’s own “Phone Breaker,” use GPU acceleration to bruteforce passwords. However, because the company has just learned about this iOS 10 flaw, it has only had time to update its tools for breaking passwords while using only the CPU. Even so, bruteforcing passwords on iOS 10 is still 40 times faster than bruteforcing them with GPUs on iOS 9.
Backup Passwords, An Easy Target
According to ElcomSoft, the reason its tools now try to focus on breaking the security of backups is because iOS has gotten increasingly more secure, and there are fewer and fewer ways to break into the system and extract its data. Backups remain the easiest vector for now.
Breaking the backup password also gives access to keychain data such as app passwords, authentication tokens, credit card information, Wi-Fi network information, and any other sensitive information that app developers may have thought needs to be stored securely.
Normally the keychain data is encrypted and the key is stored in the Secure Enclave, which can’t be easily hacked. According to ElcomSoft, even if you jailbreak a 64-bit iPhone, you can’t extract the key from the Secure Enclave. However, if you decrypt the backup password, you would be able to decrypt keychain data on a iOS 10 device.
Six Million Passwords Per Second
When testing the new bruteforcing method that takes advantage of iOS 10’s new backup password verification mechanism, ElcomSoft said that it achieved the following results:
iOS 9 (CPU): 2,400 passwords per second (Intel i5)iOS 9 (GPU): 150,000 passwords per second (NVIDIA GTX 1080)iOS 10 (CPU): 6,000,000 passwords per second (Intel i5)
Despite the fact that a single dual core Intel Core i5 CPU was being used, ElcomSoft could still try six million passwords every second. If GPU acceleration would be enabled, it’s likely that the tool could bruteforce passwords even faster.
Updated, 9/23/2016, 2:35pm PT: Apple responded to our request for comment with the following statement:
"We're aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC," said an Apple spokesperson. "We are addressing this issue in an upcoming security update. This does not affect iCloud backups. We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption," he added.