Change in iOS reportedly makes iTunes backups easier to crack


Elcomsoft, a Russian forensics company claims that iOS 10 allows for easier password cracking on iTunes backups. If you back up your device to a computer and utilize the encrypted back-up option, basically this situations would make it easier for someone to crack that password. Via Forbes:

"We discovered an alternative password verification mechanism added to iOS 10 backups. We looked into it and found out that the new mechanism skips certain security checks, allowing us to try passwords approximately 2500 times faster compared to the old mechanism used in iOS 9 and older," Elcomsoft's Oleg Afonin wrote in a blog post today.

Apple said it is aware of the issue and will be release a fix:
"We're aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups," a spokesperson said. "We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption."

Basically, if you're utilizing FileVault on your Mac, which you should, the backup image that has weaker encryption will be itself encrypted by FileVault, so you should be fine there until the situations remedied.