Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Apple is in the process of patching an iOS password security flaw

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

September 26, 2016

Earlier this morning, Apple said it's in the process of patching an iOS password security hole that could allow login credentials to be stolen from some data backups.

To be sure, Elcomsoft security researcher Oleg Afonin asserts that the flaw means that cracking efforts against iOS 10 data backups are about 2,500 times faster compared to similar efforts against iOS 9.

But if successful, the security attacks will then grant full access to device keychains, among other things.

The latest version of iOS released 17 days ago allows about six million passwords to be attempted each second compared to 2,400 a second against iOS 9, using a simple Intel i5 processor.

Afonin conducted his research using a commercial tool, but without providing the name or supplier of the tool.

Apple said in a statement it will address the various security flaws in an upcoming security update, adding that it did not affect iCloud backups.

Afonin says Apple devices are highly secure and his work is one of the last avenues available to attackers should they be able to obtain a local device backup.

"Apple smartphones are secure. As an operating system, iOS is also secure and gets tougher with each subsequent generation," Afonin asserts.

"Forcing an iPhone or iPad to produce an offline data backup and then analyzing the resulting data is one of the very few acquisition options available for devices running iOS 10," Afonin confirmed.

"At this time, logical acquisition remains the only option available for the iPhone 5s and the newer running iOS 10 that offers access to device keychain," he added.

PasswordsCon and security researcher Per Thorsheim says that Apple moved to a weaker algorithm. But not everybody agrees with that assessment.

"Apple have moved from pbkdf2 (sha1) with 10,000 iterations to a plain sha256 hash with a single iteration only," Thorsheim claims.

Afonin says he is now working on an attack optimized for much more efficient GPU systems. We'll keep you updated as to when the new solution will be ready.

Source: Elcomsoft Internet Security LLP.

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.


Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer