A security flaw discovered in iOS 10 made it possible to brute-force iTunes backup passwords “approximately 2500 times faster” than before. Apple seems to have been silently working on fixing the flaw by implementing stronger encryption measures in the first beta of iOS 10.2.
When the security flaw in iOS 10 was first reported, Apple was quick to drop encryption of metadata in iOS 10.1 and also patched the security flaw. Now, with iOS 10.2, the company is working on making things even more secure. By implementing a stronger encryption process, Apple has made iTunes backups taken with iOS 10.2 up to 1,000 times more secure.
Now in the first iOS 10.2 beta, things changed yet again, and Apple packed a little surprise for would-be attackers: not only is the entire backup database now encrypted, but validating a user password is now much more demanding in terms of processing power, requiring many more iterations to generate the derived key. Our user’s password is safer than ever, taking the better part of a 1’000 years for our hypothetical hacker to crack.
Apple has achieved this stronger encryption by increasing the number of iterations of the algorithm that validates the user-entered password. The higher the number of iterations, the longer it takes to validate each password, and the more secure the backup is.
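The relationship between iteration count and validation cost can be measured directly. The sketch below is an added example, not Apple's or iMazing's code: it assumes PBKDF2-HMAC-SHA256 from Python's standard library as the key-derivation function, and the iteration counts, password and keyspace are constructed values, not figures from iOS.

```python
import hashlib
import hmac
import os
import time

def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a password into a 32-byte key (PBKDF2 is an assumption here)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def verify_password(candidate: str, salt: bytes, iterations: int, expected: bytes) -> bool:
    """Validation costs one full derivation, whether the guess is right or wrong."""
    return hmac.compare_digest(derive_key(candidate, salt, iterations), expected)

def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Best-of-N wall-clock time for one password validation on this machine."""
    salt = b"\x00" * 16  # constructed fixed salt, used for timing only
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        derive_key("constructed-sample-password", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best

def years_to_exhaust(keyspace: int, per_guess_seconds: float) -> float:
    """Worst-case time to try every candidate, one guess at a time."""
    return keyspace * per_guess_seconds / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Constructed sample: a random salt and a stored key for one password.
    salt = os.urandom(16)
    stored = derive_key("correct horse", salt, 10_000)
    print("right password accepted:", verify_password("correct horse", salt, 10_000, stored))
    print("wrong password accepted:", verify_password("wrong horse", salt, 10_000, stored))

    keyspace = 36 ** 6  # constructed: 6 characters, lowercase letters and digits
    baseline = seconds_per_guess(1_000)
    for iterations in (1_000, 10_000, 100_000, 1_000_000):
        t = seconds_per_guess(iterations)
        print(f"{iterations:>9} iterations: {t * 1000:9.2f} ms per guess, "
              f"{t / baseline:7.1f}x baseline, "
              f"{years_to_exhaust(keyspace, t):10.2f} years to exhaust keyspace")
```

The cost per guess grows roughly linearly with the iteration count, so the same multiplier applies to every candidate password an attacker has to test, while a legitimate user pays it only once per unlock.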
Apple has always taken security seriously, and this move to further secure local iTunes backups reinforces that fact.

[Via iMazing]