Johannesburg - The new iOS 10 software update has been reported to have weakened the operating system’s security, according to iPhone expert and software company Elcomsoft.
In a recent blog post, the Russian firm detailed how a major security flaw in the iOS 10 backup protection mechanism allowed for developing a new attack that was able to bypass certain security checks when enumerating passwords protecting local (iTunes) backups made by iOS 10 devices.
READ: 6 key things to know about Apple iOS 10
“The impact of this security weakness is severe. An early central processing unit (CPU)-only implementation of this attack, available in Elcomsoft Phone Breaker 6.10, gives a 40-times performance boost compared to a fully optimized GPU-assisted attack on iOS 9 backups,” Elcomsoft’s Oleg Afonin said in the blog post.
An alternative password verification mechanism was added to protect the iOS 10 backups however Elcomsoft found that the new mechanism skips certain security checks.
It allows for hackers to try passwords approximately 2500 times faster compared to the old mechanism used in iOS 9 and older, potentially allowing unauthorised access to localised backups.
This new vector of attack is specific to password-protected local backups produced by iOS 10 devices.
The attack itself is only available for iOS 10 backups.
The iOS 10 update, launched earlier last month was designed to feel and look different from previous mobile Apple operating systems and were the most dramatic changes made to the OS since 2013.
The new operating system also featured re-engineered apps, new gestures and a new screen locking methods.
Read Fin24's top stories trending on Twitter: