Major Security Weakness in iOS 10 Backups

After officially adding support for iOS 10 in Elcomsoft Phone Breaker, it was discovered that password recovery for iOS 10 backups is now SIGNIFICANTLY faster: 6,000,000 passwords per second on a single CPU (Intel i5)!
“All versions of iOS prior to iOS 10 used to use extremely robust protection”, says Vladimir Katalov, ElcomSoft CEO. “Chances of recovering a long, complex password were slim, and even then a high-end GPU would be needed to accelerate the recovery. As a result of our discovery, we can now break iOS 10 backup passwords much faster even without GPU acceleration.” 
The following benchmarks were obtained for iOS 9 and iOS 10 backups using the same hardware:

• iOS 9 (CPU): 2,400 passwords per second (Intel i5)

• iOS 9 (GPU): 150,000 passwords per second (NVIDIA GTX 1080)

• iOS 10 (CPU): 6,000,000 passwords per second (Intel i5)

Changes in iOS 10 make it much easier to try backup passwords. Against iOS 9 backups, Elcomsoft Phone Breaker achieved slightly more than 150,000 passwords per second using a powerful NVIDIA GTX 1080 accelerator. Against iOS 10 backups, it peaks at 6 million passwords per second on a CPU alone, without any GPU.
This means that a truly random, 6-character alphanumeric password (single-case letters plus digits, a 36-character set) protecting an iOS 10 backup will take only a few minutes to break: 36^6 is roughly 2.2 billion candidates, or about six minutes at 6 million per second. Add an extra character (36^7, roughly 78 billion candidates) and it still takes only a few hours to brute-force. For reference, the same 7-character password protecting an iOS 9 backup would take almost a week to break on the GTX 1080.
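The time-to-crack figures above all reduce to one calculation: keyspace (charset size to the power of the length) divided by the guess rate. The following Python is an added example, not code from the article or from Elcomsoft; it takes the three benchmark rates quoted above as constants, and the character-set sizes and the one-year target are assumptions chosen for illustration. It generalizes the article's single case to any charset, length and rate, and also answers the practitioner's follow-up question: how much longer a backup password must be to restore the margin lost to the iOS 10 speedup.

```python
import math

# Benchmarks quoted in the article, in password guesses per second.
RATE_IOS9_CPU = 2_400          # Intel i5
RATE_IOS9_GPU = 150_000        # NVIDIA GTX 1080
RATE_IOS10_CPU = 6_000_000     # Intel i5, no GPU

# Character-set sizes for truly random passwords (assumed for illustration).
DIGITS = 10
LOWER_ALNUM = 36               # a-z plus 0-9, the article's single-case alphanumeric
MIXED_ALNUM = 62               # a-z, A-Z, 0-9
PRINTABLE_ASCII = 95           # all printable ASCII

ONE_YEAR = 365 * 86400         # assumed "good enough" target for a backup password


def keyspace(length: int, charset_size: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


def worst_case_seconds(length: int, charset_size: int, rate: float) -> float:
    """Time to exhaust the whole keyspace at `rate` guesses per second."""
    return keyspace(length, charset_size) / rate


def expected_seconds(length: int, charset_size: int, rate: float) -> float:
    """Average time to hit a uniformly random password: half the keyspace."""
    return worst_case_seconds(length, charset_size, rate) / 2


def min_length_for(target_seconds: float, charset_size: int, rate: float) -> int:
    """Smallest length whose exhaustive search at `rate` takes at least `target_seconds`."""
    length = 1
    while worst_case_seconds(length, charset_size, rate) < target_seconds:
        length += 1
    return length


def extra_chars_to_compensate(old_rate: float, new_rate: float, charset_size: int) -> int:
    """Extra characters needed so the new rate is no better than the old one was.

    A speedup of k is cancelled by log_charset(k) extra characters, rounded up.
    """
    return math.ceil(math.log(new_rate / old_rate, charset_size))


def humanize(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    for unit, size in (("years", ONE_YEAR), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    print("length  iOS 9 CPU        iOS 9 GPU        iOS 10 CPU")
    for length in range(6, 11):
        row = [humanize(worst_case_seconds(length, LOWER_ALNUM, r))
               for r in (RATE_IOS9_CPU, RATE_IOS9_GPU, RATE_IOS10_CPU)]
        print(f"{length:>6}  {row[0]:<16} {row[1]:<16} {row[2]}")
    for name, size in (("digits", DIGITS), ("lower alnum", LOWER_ALNUM),
                       ("mixed alnum", MIXED_ALNUM), ("printable", PRINTABLE_ASCII)):
        print(f"{name:<12} min length for one year on iOS 10 CPU: "
              f"{min_length_for(ONE_YEAR, size, RATE_IOS10_CPU)}")
    print("extra chars vs iOS 9 GPU:",
          extra_chars_to_compensate(RATE_IOS9_GPU, RATE_IOS10_CPU, LOWER_ALNUM))
```

Run as a script it prints the cracking-time table for 6 to 10 lower-case alphanumeric characters under all three benchmarks. The 40x jump from the iOS 9 GPU rate to the iOS 10 CPU rate is just over one extra character of a 36-symbol alphabet (36^1 = 36 < 40), so two extra characters are needed to be at least as safe as before; the search in `min_length_for` gives the absolute length required for a chosen target.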
