There is a major security flaw in the iOS 10 backup protection mechanism, say ElcomSoft’s security researchers. The flaw allows attackers to bypass certain security checks when enumerating passwords protecting local (iTunes) backups made by iOS 10 devices (via TNW).
According to a blog post published today, Moscow-based ElcomSoft’s security researchers have discovered that iOS 10 backups include an alternative password verification mechanism that skips certain security checks, allowing the researchers to try passwords about 2,500 times faster than with the old mechanism used in iOS 9 and earlier.
As detailed by ElcomSoft, this flaw means it’s possible to test 6 million passwords per second with a computer powered by an Intel Core i5 processor.
“Fortunately,” the attacker needs physical access to the iPhone running iOS 10 to force the device to produce a backup, which contains all your files, such as media, health information and much, much more.
ElcomSoft is known for its Phone Breaker tool, which can be used to break the iPhone’s passcode.