A forensic security firm has said that Apple has inadvertently made iOS 10 easier to crack by allowing an alternative password verification method.
The Russian company, Elcomsoft, explained in a blog post that the issue stems from the way in which an attacker could ultimately bypass the password security checks for iOS 10 backups. Because Apple uses a new security mechanism, Elcomsoft said it could try passwords 2,500 times faster than when trying to crack an iOS 9 device, and was currently clocking around 6 million passwords per second.
In order for this to be a security risk, the attacker would need to have access to your computer with an offline backup of your iOS 10 device. With that limitation stated, it’s pretty worrying that the potential is even there. Apple told Forbes that iCloud backups are unaffected and entirely safe.
Apple also confirmed that it's going to be rolling out a fix for the vulnerability with an upcoming security update, though it didn't say exactly when.
“We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups. We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption,” a spokesperson said.
The rollout of iOS 10 hasn't been entirely smooth, so news of a new security vulnerability won't be met kindly by some users. Console yourself with the fact that it's really quite unlikely to affect you before the problem has been fixed, so don't let that be the reason you don't update.