Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

Apple to Fix iOS 10 Security Flaw with iTunes Backups

Russian security company Elcomsoft has discovered a major security flaw in iOS 10: encrypted iTunes backups made with iOS 10 allow password-cracking tools to make 6 million attempts per second, more than 40 times faster than with backups created with iOS 9. Apple has confirmed that the issue is real and plans to fix it in an upcoming security update. In the meantime, because the vulnerability could be exploited only by someone with access to your iTunes backups, Apple recommends a strong login password and using FileVault encryption. (The problem also affects backups made in iTunes for Windows.) iCloud backups are immune to the problem, so if you’re concerned about the security of your iTunes backups, you might consider switching them to iCloud.Generic Globefollow link

 

Comments about Apple to Fix iOS 10 Security Flaw with iTunes Backups
(Comments are closed.)

Anonymous  2016-09-24 12:00
This is too funny "iCloud backups are immune to the problem, so if you’re concerned about the security of your iTunes backups, you might consider switching them to iCloud."
Jolin Warren  An apple icon for a TidBITS Supporter 2016-09-27 09:56
Note that iCloud backups are not encrypted, so whether this is more secure or not is debatable!
Adam Engst  An apple icon for a TidBITS Staffer 2016-09-27 10:33
iCloud backups ARE encrypted, both in transit and on the server, but Apple holds the keys, which means that Apple can decrypt them if requested by law enforcement.

https://support.apple.com/en-us/HT202303
Jolin Warren  An apple icon for a TidBITS Supporter 2016-09-27 14:57
Whoops, outdated info on my part. Thanks for the clarification Adam. Though depending on who you are, the iTunes backup might be/feel more ‘secure’ even with this bug – if you can keep control of physical access to your backup, at least you know who is or isn’t accessing it.
Adam Engst  An apple icon for a TidBITS Staffer 2016-09-27 16:02
I agree. It's more understandable, and most people probably aren't worried about the physical security of their iTunes backups. If someone can get to those, they're in your home or office, and the iTunes backups are probably low on the list of things that are vulnerable.