Professional iPhone hackers say that Apple has dropped the ball on password security with its latest iPhone operating system, making the task of cracking the logins for backups stored on a Mac or PC considerably easier.
The claim comes from Elcomsoft, a well-known Russian forensics company, whose kit was thought to have been used by hackers who exposed celebrities’ nude pictures in 2014. Like market leader Cellebrite, it makes its money selling kit that can break into iPhones for the purpose of rooting around a target’s device.
As soon as iOS 10 was out, the company started probing its security, and found Apple was using a weaker password protection mechanism for manual backups via iTunes than it had done previously. Thanks to Apple’s mistake, Elcomsoft said it could potentially guess backup passwords 40 times faster using CPU acceleration when compared to the speedier GPU-powered cracking in iOS 9. When using the same Intel i5 CPU for cracking efforts, it was an astonishing 2500 times faster, with 6 million password guesses per second compared to just 2,400. The company thinks it has an 80 to 90 per cent chance of successfully getting the right password with its tools, which can be bought by anyone, not just the cops.
“We discovered an alternative password verification mechanism added to iOS 10 backups. We looked into it and found out that the new mechanism skips certain security checks, allowing us to try passwords approximately 2500 times faster compared to the old mechanism used in iOS 9 and older,” Elcomsoft’s Oleg Afonin wrote in a blog post.
What’s the weakness?
Indeed, the more secure version of storing passwords goes back to iOS 4, according to Elcomsoft CEO Vladimir Katalov. So what exactly has Apple done? As password security expert Per Thorsheim noted in a blog on Peerlyst, Apple used a weaker hashing algorithm for local backups of iPhone files stored on PCs. Such algorithms turn a plaintext password into a “hash” — a string of numbers and letters. Password crackers run plaintext guesses through the same algorithm and compare each result with the stored hash until one matches; so, the more expensive the algorithm is to compute and the more complex the password, the longer it takes to find a match.
In iOS 9 and prior versions back to iOS 4, Apple used what’s known as a PBKDF2 algorithm and had the password run through it 10,000 times, so a hacker would have to run each plaintext guess through the algorithm 10,000 times too and repeat the process until a match was found. In the iOS 10 alternative version, a different algorithm known as SHA256 was used, but with just one iteration. A hacker therefore only needs to run each password guess through the algorithm once before moving on to the next, making the whole process considerably less time consuming.
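As an added illustration (not Apple’s backup format and not Elcomsoft’s code), the Python script below implements the two verification patterns the paragraph contrasts, PBKDF2 at 10,000 iterations versus a single SHA-256 pass, and measures how much more each guess costs under the stronger scheme. The salt, the sample password and the use of HMAC-SHA256 inside PBKDF2 are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

# Iteration count the article quotes for the iOS 4 to iOS 9 scheme.
ITERATIONS = 10_000


def derive_strong(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256, 10,000 iterations: every guess costs 10,000 HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def derive_weak(password: str, salt: bytes) -> bytes:
    """Single SHA-256 pass (salted here as an assumption): one hash per guess."""
    return hashlib.sha256(salt + password.encode()).digest()


def verify(password: str, salt: bytes, stored: bytes, derive) -> bool:
    """Check a password against a stored hash with a constant-time comparison."""
    return hmac.compare_digest(derive(password, salt), stored)


def cost_ratio(strong_runs: int = 20, weak_runs: int = 2000) -> float:
    """Return (time per PBKDF2 check) / (time per single-SHA-256 check).

    The legitimate verifier and an offline guesser pay the same per-attempt
    cost, so this ratio is the slowdown the stronger scheme imposes on guessing.
    The article's 2500x figure is Elcomsoft's measurement of this kind of gap.
    """
    salt = os.urandom(16)                     # constructed sample salt
    password = "correct horse battery staple"  # constructed sample password
    strong = derive_strong(password, salt)
    weak = derive_weak(password, salt)

    start = time.perf_counter()
    for _ in range(strong_runs):
        verify(password, salt, strong, derive_strong)
    per_strong = (time.perf_counter() - start) / strong_runs

    start = time.perf_counter()
    for _ in range(weak_runs):
        verify(password, salt, weak, derive_weak)
    per_weak = max((time.perf_counter() - start) / weak_runs, 1e-9)

    return per_strong / per_weak
```

Running `cost_ratio()` on an ordinary laptop CPU yields a ratio in the hundreds to thousands; the exact number depends on the machine, but the gap is the point.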
“It’s not a good choice of algorithm,” Thorsheim said. He noted that Apple’s decision appears even more bizarre as the more secure password protection system remains in place alongside the new one; there are two password hashes a hacker can try to crack, one weaker than the other. He added that Apple might win the “stupidity award of the year” for taking such “a big leap back in security.” Katalov noted that even where stronger logins have been set up by the user, “even eight-character passwords are unsecure.”
Katalov said Apple would have to update both iOS and iTunes, with “some significant changes in backup format.” Apple confirmed it was looking into the issue. “We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups,” a spokesperson said. “We recommend users ensure their Mac or PC is protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”
There’s one obvious limitation to any attack: the vulnerability is specific to password-protected local backups on iOS 10. That would mean a hacker would have to get access to the computer where the iPhone files were stored, and hope the user had turned on local backups in the first place rather than simply using iCloud, as most do by default. They could get on the linked computer either by physically extracting the data or by compromising the machine in some other manner, such as a remote hack.
But there’s one trick hackers could use if they have physical access to a phone and the laptop. Elcomsoft said it was possible to force a phone into creating a backup on the phone and it may be possible “to produce a local backup even if the phone is locked by using a pairing record extracted from a trusted computer.”
Anyone with that level of access may well have the ability to take almost anything they wanted from a target’s iPhone. “If you are able to break the password, you’ll be able to decrypt the entire content of the backup including the keychain,” Afonin said. Katalov said: “A backup contains almost an exact copy of the device – address book, messages, call log, media files and much more, including saved passwords and authentication tokens to mail, social network accounts.”
Elcomsoft isn’t the first to have found weaknesses in the latest iPhones. Just earlier this week, the first jailbreak for the iPhone 7 was uncovered by 19-year-old Luca Todesco, who goes by the pseudonym qwertyoruiop. Jailbreaks, which remove Apple’s controls over what software can run on the phone, require low-level exploits of iOS vulnerabilities. Todesco has yet to reveal how he managed to jailbreak his device, however. Just last month, researchers found Israeli firm NSO’s malware targeted at a UAE-based activist’s iPhone. It was able to get onto iPhones in the first place because of three vulnerabilities on the device, which was running iOS 9.