tech-savvy offenders could rapidly gain access to data from locally-stored iOS 10 backups than
those produced by older versions. It does not affect iCloud backups. iOS recommends its users
ensure their protection with strong passwords and can only be retrieved by authorized user.
(2)”
The flaw could be a huge boon for law enforcement, spies, and sophisticated criminals who
are able to gain possession of a victim’s iOS backup file. While iOS devices themselves are
known for having fairly solid security backed by a hardware module called
the Secure Enclave
,
one of the remaining avenues of attack is to trigger a device to backup either to iCloud or a local
computer, where data enjoys far less protection.”
11
Backups are protected by a user’s password. But in iOS 10, Apple has applied a weaker hashing
algorithm. Which is a function used to verify and store passwords in a bizarre format. This
allows hackers to easily attack the backup file’s password by having a piece of forensics software
guess millions of different passwords per second until it finds one that matches the stored
muddle.
The amount of time it takes to pop an iOS 10 backup’s password can be reduced even further by
a combination of password used on a regular schedule. Once an attacker has unlocked the
backup, they can gain complete access to the device’s data in its saved state including the
keychain, a file that’s normally impossible to retrieve from the physical device which stores all
the user’s logins and passwords. An iOS update is needed, but also iTunes update as well, and
some deviations to the backup format.
In iOS security system the App Store is tightly controlled, and it’s difficult to install any third-
party apps without security risks. The security confines are removed when jailbreaking. This
means apps are given a lot more access to the core functions of the phone, such as contact lists
and the ability to send emails or make calls. On an iOS device, a user has to give permission to
an app to get access these functions, but not on a jailbroken phone. Many people forget to change
the root password after jailbreaking their device and moving to an SSH app. With a
jailbroken iPhone it will not be able to update iOS without reverting back to the un-jailbroken
default mode. The. problems are that security holes in iOS will occur until a new jailbreak
is
released. In iOS could always just download iOS and wait a couple weeks for a new jailbreak.
There would be security risks every time there’s an update. Problems are that occur are that are
12
unable to access other apps problems of video streaming, communication, and banking apps that
deny access to jailbroken devices have occurred. Also this voids the phones warranty.
Apple’s IPhone have some sensitive information that can be accessed on an it without even
having to unlock it is a serious security problem that
anyone and everyone has access to on your
iPhone without knowing your PIN or passcode. Converting one simple setting will plug up this
potentially serious flaw and ensure that your data is safe and secure.
You've reached the end of your free preview.
Want to read all 20 pages?
- Winter '17
- griffin
- Networking
