iOS 10 was released on the 13th of September. Since then, several data security issues have already been identified. The biggest one may stem from new functionality that lets users encrypt their backups through iTunes, which makes it easier for hackers to access the device.
Brute forcing the password is one of the most common methods used by hackers, and it is likely to be used against the encrypted backups. That way, hackers could potentially make off with iOS users' sensitive credit card information.
The rate at which a hacker can try out different passwords is extremely high. For instance, Elcomsoft’s Phone Breaker software allows for 6 million password attempts per second. In comparison, iOS 9 allowed only 150,000 password attempts per second, which is precisely 2500 times less.
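To see what these guess rates mean when choosing a backup password, the following added example (not from the article or from Elcomsoft) computes how long an exhaustive search takes at each quoted rate and the shortest password length that holds out for a chosen time. It assumes uniformly random passwords and worst-case exhaustive search; the function names and alphabet sizes are illustrative.

```python
# Guess rates quoted in the article, in password attempts per second.
RATE_IOS9 = 150_000
RATE_IOS10 = 6_000_000

SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(alphabet: int, length: int) -> int:
    """Count every candidate password of length 1..length over the alphabet."""
    return sum(alphabet ** n for n in range(1, length + 1))


def exhaust_seconds(alphabet: int, length: int, rate: int) -> float:
    """Worst-case time to try every candidate up to `length` at `rate`."""
    return keyspace(alphabet, length) / rate


def min_length(alphabet: int, rate: int, target_years: float) -> int:
    """Shortest length whose full keyspace takes at least `target_years`."""
    needed_guesses = rate * target_years * SECONDS_PER_YEAR
    length = 1
    while keyspace(alphabet, length) < needed_guesses:
        length += 1
    return length


def report(target_years: float = 10) -> list:
    """Compare both rates for a few assumed alphabets (sizes are assumptions)."""
    alphabets = {"digits": 10, "lowercase": 26, "letters+digits": 62}
    rows = []
    for name, size in alphabets.items():
        rows.append((name,
                     min_length(size, RATE_IOS9, target_years),
                     min_length(size, RATE_IOS10, target_years)))
    return rows


if __name__ == "__main__":
    print(f"6-char letters+digits, iOS 10 rate: "
          f"{exhaust_seconds(62, 6, RATE_IOS10) / 3600:.1f} hours")
    print(f"6-char letters+digits, iOS 9 rate:  "
          f"{exhaust_seconds(62, 6, RATE_IOS9) / 86400:.1f} days")
    for name, old, new in report():
        print(f"{name:15s} min length for 10 years: iOS 9 rate={old}, iOS 10 rate={new}")
```
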
PBKDF2, a new algorithm that is included in iOS 10, is to blame for this. Certain security checks are skipped entirely when using it, which allows for very effective brute force attempts by hackers. This algorithm is also older in nature, and certain security issues such as this one have been left unresolved.
Elcomsoft commented that if hackers decrypt the backup’s password at any time, they would also get access to the keychain.
According to Apple, they are currently working on a fix.