Apple to Fix iOS 10 Security Flaw with iTunes Backups
Russian security company Elcomsoft has discovered a major security flaw in iOS 10: encrypted iTunes backups made with iOS 10 allow password-cracking tools to make 6 million attempts per second, more than 40 times faster than with backups created with iOS 9. Apple has confirmed that the issue is real and plans to fix it in an upcoming security update. In the meantime, because the vulnerability could be exploited only by someone with access to your iTunes backups, Apple recommends a strong login password and using FileVault encryption. (The problem also affects backups made in iTunes for Windows.) iCloud backups are immune to the problem, so if you’re concerned about the security of your iTunes backups, you might consider switching them to iCloud.
This is too funny "iCloud backups are immune to the problem, so if you’re concerned about the security of your iTunes backups, you might consider switching them to iCloud."
Note that iCloud backups are not encrypted, so whether this is more secure or not is debatable!
iCloud backups ARE encrypted, both in transit and on the server, but Apple holds the keys, which means that Apple can decrypt them if requested by law enforcement.
https://support.apple.com/en-us/HT202303
Whoops, outdated info on my part. Thanks for the clarification Adam. Though depending on who you are, the iTunes backup might be/feel more ‘secure’ even with this bug – if you can keep control of physical access to your backup, at least you know who is or isn’t accessing it.
I agree. It's more understandable, and most people probably aren't worried about the physical security of their iTunes backups. If someone can get to those, they're in your home or office, and the iTunes backups are probably low on the list of things that are vulnerable.