Apple's latest iOS 10 upgrade included a flawed password-verification mechanism that weakens the security of the...
Elcomsoft Co. Ltd., the cyberforensics firm based in Moscow, disclosed a "major security flaw" within the password-verification system of iOS 10 that undermines the protection of local backups and lets brute-force attacks on user credentials run forty times faster.
The new password-verification mechanism is in addition to the old mechanism, which is still secure. However, the new mechanism enables an attack that Elcomsoft is incorporating into its mobile device forensics products. The attack can be used to decrypt local backups, which includes keychain data. As a result, attackers can use the iOS vulnerability to obtain passwords and authentication tokens, as well as credit card information and any other data that application developers have deemed sensitive and request to be encrypted in the keychain.
"We discovered a major security flaw in the iOS 10 backup protection mechanism. This security flaw allowed us [to develop] a new attack that is able to bypass certain security checks when enumerating passwords protecting local (iTunes) backups made by iOS 10 devices," wrote Oleg Afonin, security researcher at Elcomsoft. "The impact of this security weakness is severe. An early CPU-only implementation of this attack (available in Elcomsoft Phone Breaker 6.10) gives a 40-times performance boost, compared to a fully optimized, GPU-assisted attack on iOS 9 backups."
Although Apple is aware of the flaw, it does not appear this particular bug was reported through Apple's new bug bounty program, which was built specifically to find iOS vulnerabilities.
"We're aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update," an Apple spokesperson told SearchSecurity. "This does not affect iCloud backups. We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole-disk encryption."
The alternative password-verification mechanism added to iOS backups was discovered when Elcomsoft was updating its Phone Breaker product to support iOS 10.
"We looked into it and found out that the new mechanism skips certain security checks, allowing us to try passwords approximately 2,500 times faster, compared to the old mechanism used in iOS 9 and older," Afonin wrote. "This new vector of attack is specific to password-protected local backups produced by iOS 10 devices. The attack itself is only available for iOS 10 backups. Interestingly, the 'new' password-verification method exists in parallel with the 'old' method, which continues to work with the same slow speeds as before."
One expert wondered whether the new mechanism was implemented on purpose by Apple. "Apple has taken us through many betas of iOS 10, so it is easy to say that this didn't happen by pure error," wrote Per Thorsheim, founder of PasswordsCon, in a blog post. "The interesting question for Apple to answer is whether this massive weakening of your security and privacy is intentional, if it is a stupid glitch, or is it clueless crypto/developers?"