Apple has once again taken a step on its way to make its mobile operating system more and more secure. It has been the DigiDNA team, iMazing security experts, a alternative software to iTunes, who They have published in a blog post, ensuring that the iTunes + iOS 10.2 backups use 1.000x stronger encryption than used in previous versions, that is, they require 1.000 times more processing power to hack the password of an iTunes copy of iOS 10.2 than one of 10.1.x.
DigiDNA believes that this movement demonstrates the apple company's commitment to protecting the security and privacy of its customers This has been partly in reaction to the emergence of more and more third-party software offering tools to hack passwords from a local copy of iOS. DigiDNA says that backup passwords are very sensitive because many users use the same password that they use on their Apple ID when they turn on backup encryption.
iOS 10.2 improves a protocol that was almost maintained since iOS 4
Since iOS 4, Apple's backup encryption protocols have remained more or less the same. In iOS 10, the Cupertino people changed the format of these copies and added a new layer of security for encrypted local backups that also encrypted file metadata, such as size and dates of creation of these, encryption keys and type of files. The problem is that, at first, the remedy was worse than the disease, since it came with a security flaw that made hacking the password of these backup copies easier instead of more difficult.
The new security problem was fixed in iOS 10.1 and the first beta of iOS 10.2 changed things again adding a surprise for potential attackers: not only is the entire database of backups encrypted, but also validating a user's password requires much more in terms of processing power, which requires more iterations to generate the derived key. The result is that «Our user passwords are now more secure than ever, taking the better part of 1.000 years for our hypothetical hacker to crack them«. What will you have to say to this Adrian Ludwing?
