There are two ways to back up your iPad, iPhone or iPod touch: at least iCloud (going ICloud Backup settings and activating the option “iCloud Backup”) or at iTunes (plugging the device into the Mac / PC, opening iTunes and choosing the "Backup Now" option).
Through iTunes, in addition to everything being faster (both to backup and restore after all, we do not depend on servers and internet connections as in the option of iCloud), there is the possibility that you can protect or not the backup by activating the “Encrypt backup” option, which, as its name implies, offers a layer of protection for your data. Here, for obvious reasons, the option is activated.
This week, shortly after the release of iOS 10, the Elcomsoft found that backup encryption by iTunes on the new system is not that good. They were working on an Elcomsoft Phone Breaker software update when they discovered an alternative password verification mechanism that Apple added to iOS 10. Running away, they saw that this mechanism bypasses certain security controls, allowing a person with sufficient technical knowledge to be able to discover the backup password approximately 2,500 times faster if we compare it with the protection of device backup in iOS 9.
Also according to the company, an attack from the outside combined with what they call “smart attacks” carried out for two days has an 80-90% chance of being able to crack the password from an encrypted backup on iTunes (again: from an device with iOS 10).
Interestingly, this new method exists in parallel to the old one, which continues to work normally in older versions of Apple's mobile operating system. In times of war with the FBI, something like that definitely causes concern in some people. In iCloud, however, everything remains safe and there has been no change of any kind.
Apple contacted Apple Motherboard and informed that he is aware of the problem and that everything will be resolved in a future software update. We will see how long this will be resolved.
(via Mac Kung Fu)
