As with any other software which is coded by humans, there are also vulnerabilities in Apple’s latest operating system which is now available for an upgrade on the iPhone 7, iPhone 7 plus, iPhone 6, iPhone 6s, iPhone SE and iPhone 5 – the iOS 10.
This is what led a Russian cyber-security firm, which has developed a tool for hacking iPhones to expose that the latest iOS 10 is easier to brute-force remotely and gain access to credentials than the iOS 9 was.
The company Elcomsoft has claimed that they not only have a kit that was believed to be used in the exposing of nude pictures of celebrities two years ago , but this kit is also regularly updated with the latest exploits that can help break into iPhones and root the devices as well.
Ever since iOS 10 came out, Elcomsoft begun tests on it’s security and they have discovered that Apple devices running the OS were using passwords that were much weaker in terms of protection. The password mechanisms were weakest in the backups of the devices, such as the online backup via iTunes.
Elcomsoft’s team has claimed that potentially if a brute-forcing software is used on the phone, it can discover the password approximately 40 times faster than iOS 9 did, according to Forbes reports. The main reason for this is that the previous operating system required a powerful GPU or graphics card to be hacked into whereas the newer iOS 10 could be cracked very fast by simply using a device with a powerful processor.
The security company claims that it has approximately an average of 85% chance of cracking any iPhone running this OS and get it’s password. It’s tools are for sale to everyone.
Not only this, but the company has also discovered that the “new” protection technology imported by Apple In their latest iOS was configured not to perform certain checks in it’s security when password entering is involved, which allows Elcomsoft to crack the passwords at a 2500 times faster rate, according to Oleg Afonin’s(Elcomsoft) blog post.
Another report by Per Thorsheim, CEO of God Praksis another security company has reported the unlike the previous SHA1 encryption algorithm that used to have 10 000 iterations, the American company has downgraded the algorithm of the new iOS 10 to only 1 iteration and the widely known SHA256 encryption.
What Is the Real Life Impact?
In terms of what are the dangers in real life of those major security flaws, to best explain it, I will provide an example. Imagine a hacker sitting behind a desktop PC with a processor above Intel’s core i3 desktop processors. With the proper software, which is by the way sold by these security companies, he or she can conduct brute-forcing attacks and get the password for the backups.
Now, it is a completely different question whether or not these backups are stored on another PC or in the iCloud and this may complicate the hack. But whatever the case may be, a hacker can quickly adjust by simply hacking the local device if the backup is stored locally.
Also, if the hackers are skilled which is usually the case and they have gained access to the phone or a computer synced with it, they could make a local backup, allowing them to extract the files via a trusted device.
This also allows them to perform all sorts of activities on the hacked phone, like breaking the password for the keychain used to unlock the complete backup content.
The truth is that Elcomsoft were not the first ones finding out weak spots in the iPhone. Another researcher, Luca Todesco, also known as qwertyoruiop, who managed to Jailbreak the new iPhone 7 which is similar to rooting an Android device and allows to install all sorts of applications to run on the device. The tools used for it were exploits that took advantage of bugs and flaws in iOS’s code. Still, it has not yet been revealed how he managed to hack the device, but soon it may become widely known.
Not only iOS 10 has bugs, though. Israelly security company managed to hack into an activist’s iPhone running, the older iOS 9 as well. But not to a massive level. The phones still use Sandboxing and other security measures making them protected against phishing and other automatic threats, but if someone wants to target a phone because of the data in it, you can be sure that they can hack it.