This post was updated in May 2017
Apple has released 7 beta versions following the official iOS 10 launch in September. A significant security flaw which affected local iPhone backups was detected and removed within 2 weeks. We noticed the security fix with the introduction of iOS 10.1 back in October. The news was covered in The Register.
In the mobile space, where consumer adoption has overtaken desktop technologies, frequent updates are crucial to ensuring the security and stability of widely used mobile platforms, including iOS. With cyberattacks becoming more sophisticated, the ongoing battle between tech giants and well versed hackers lead to rising expectations from users for bug-free software being released publicly. Media outlets have covered this security flaw topic extensively, given that iOS 10 is now used on more than 75% of all Apple devices.
As the leading app-data company, it is critical that we swiftly identify changes in backups introduced with new iOS updates in order to best serve our customers. We are committed to offer robust support for all features released, including encrypted iTunes and iCloud backups.
Our clients, ranging from regular users to companies turning to mobile applications to stay in touch with customers, rely on our product’s best-in-market functionality to recover encrypted backups for all iOS versions.
We are proud to announce that the iPhone Backup Extractor now fully supports encrypted local backups in the upcoming iOS 10.2.
What makes iOS 10.2 backups uncrackable?
The change is associated with a different key derivation process used for iTunes backup encryption than the one used previously. Finding the new derivation process was the missing piece to increase security to iTunes backups, and to being able to support this new feature in iPhone Backup Extractor, for our users.
The encryption update included in iOS 10.2 removes the possibility for brute force attacks to be successful, because it takes significantly more time for each attempt to guess the backup password.
Our expert iOS team estimated that it takes roughly 7 seconds for a password to be verified and validated, before opening the backup.
This means that for 8 digit passwords, containing alphanumeric lowercase and uppercase characters, it will take more than 100,000 years to guess a password using brute force attacks. Even considering Moore's Law, if the CPU processing power doubles every 6 months, it will still take years to guess and verify a password that matches minimum strength requirements. However, most people do use fairly weak and common passwords, which can dramatically reduce the time required for computationally breaking a password.
Why is this important to you?
Mac Forensics expert Sarah Edwards urges companies to improve and grow Mac skills, especially if there are dedicated security teams or professionals working on detecting and accurately responding to security incidents in due time. Security threats come from all different directions, from phishing and scam emails to social engineering and using unencrypted connections.
Turning on encryption for iPhone backups is only one of the precautionary methods used to mitigate risk. As encryption is hardened in iOS 10.2, local backups are harder to retrieve by iOS data recovery tools available on the market.
The iPhone Backup Extractor is the only one to date that provides support for new changes made in iOS 10.2 encryption, allowing legitimate users to recover lost or deleted backup files.
Forensics examiners and investigators can also benefit from this feature directly, which is available with the most recent version of the software.
Advocating for security
Encryption is now the default of all iTunes backups, and users will need to manually turn it off if they wish to. Switching to a default encrypted state is an important move for Apple, marking a security-first approach, on top of adding extra features in iOS 10.
Reincubate is committed to keep this momentum going, regularly releasing updates to both iPhone Backup Extractor and to the iCloud API, to ensure maximum compatibility with latest encryptions changes.