The new loopholes in the system to make iOS10 easier to break Apple said it started iTunes backup mechanism to repair [Abstract] the current iOS system in skip some specific safety inspection procedures, which makes Elcomsoft work easier, speed can crack iOS 9 and earlier versions of the system is about 2500 times faster probably. Tencent technology news reports, according to foreign media reports, apple iPhone mobile phone is traced to iOS 10, the latest iTunes backup password authentication mechanism makes its system vulnerable to attack, but apple now said it has begun repair work. According to the latest investigation and test results of company Elcomsoft, which is designed to acquire iPhone data access rights, the latest iTunes backup password authentication mechanism in iOS 10 makes the system easier to be breached. It is understood that Macbook or iTunes encryption backup on the PC terminal can be protected by password, but it can be known through previous data survey, but it may still be forced to crack down on some cryptographic cracking software. The iTunes backup mechanism in iOS system has skipped some specific security checking steps, which makes the work of Elcomsoft cracking easier and the speed can be cracked. IOS 9 and the earlier version of the system are about 2500 times faster. If the attacker gets the backup password of iTunes, it means that it can access all the data on the phone at will, including all the passwords and other sensitive information stored on the keychain. At this time, according to previous survey data, it is found that, in contrast, the attack speed of iOS 10 is about 2500 times that of iOS 9. The following is the specific test results of Elcomsoft: iOS 9 (CPU): 2400 times per second (Intel i5) iOS 9 (GPU): 150000 times per second (NVIDIA GTX 1080) iOS 10 (CPU): 6000000 times per second (Intel i5) according to the above data, Per Thorsheim security analyst from Peerlyst said: apple the new system will be the original PBKDF hash algorithm into the SHA256 algorithm, the former has 10 thousand iterations, the latter is only one, which leads to the attacker can obtain greatly improved in a violent attack on mobile phone system when the speed of crack. Apple has released a statement in Forbes recently. They said in a statement: Apple has realized this problem and has begun repair work, and is working hard to solve this problem. "We know that the latest iTunes backup password authentication mechanism used in iOS 10 is vulnerable to violence, and we are trying to fix this problem at the moment. But this does not affect iCloud’s backup security. " A spokesman for the apple said, "we suggest that users can only authorize the user’s access to ensure the security of the Mac and PC password protection. Additional security guarantees can be encrypted using the FileVault full disk. " Apple has been updated with iOS 10 and Mac OS Sierra. Therefore, the solution of this problem will be possible through the new version of the software patch. It is understood that iOS 10.1 and MacSierra 10.12.1 have been tested in beta earlier this week.

新系统漏洞使iOS10更容易被攻破 苹果称已开始修复 [摘要]当下iOS系统中的iTunes备份机制跳过了一些特定的安全检查步骤,这就使得Elcomsoft的破解工作变得更加容易,速度可以破解iOS 9和早前的系统版本大概快了约为2500倍。腾讯科技讯 据外媒报道称,苹果iPhone手机被曝iOS 10所用的最新的iTunes备份密码的验证机制使得其系统特别容易遭到攻击,但苹果目前表示已经开始进行修复工作。根据专攻获取iPhone数据访问权限软件设计的公司Elcomsoft的最新的调查测试结果显示,iOS 10中所用的最新iTunes备份密码认证机制使得该系统变得更容易遭到攻破。据了解,Macbook或是PC端上的iTunes加密备份能够通过密码获得保护,但通过以往的数据调查可以得知,但它还是有可能会遭到某些密码破解软件的暴利强制破解。而当下iOS系统中的iTunes备份机制跳过了一些特定的安全检查步骤,这就使得Elcomsoft的破解工作变得更加容易,速度可以破解iOS 9和早前的系统版本大概快了约为2500倍。如果攻击者一旦获得了iTunes的备份密码,这就意味着它可以随意地访问手机上的所有数据,其中包括储存在钥匙串上所有的密码和其他敏感信息。在这个时候,根据以前的调查数据显示可以发现,相比之下iOS 10的攻击速度大约是iOS 9的2500倍。下面是Elcomsoft的具体测试结果:iOS 9 (CPU): 每秒2400次(Intel i5)iOS 9 (GPU): 每秒150000次(NVIDIA GTX 1080)iOS 10 (CPU): 每秒6000000次(Intel i5)根据上面的数据,来自Peerlyst的安全分析师Per Thorsheim表示:苹果在最新的系统中将原先的PBKDF哈希算法改成了SHA256算法,前者拥有了1万个迭代,后者却只有一个,这种情况就导致了攻击者在对手机系统进行暴力攻击破解的时候速度可以获得大幅度的提升。苹果近日在《福布斯》发表了声明,他们在声明中表示:苹果已经意识到了这一问题,并已经开始了修复工作,正在努力解决这个问题。“我们知道,iOS 10中所用的最新iTunes备份密码认证机制容易遭到暴力破解,目前我们正在努力修复这个问题。但这并不会影响到iCloud的备份安全。”苹果的一位发言人表示,“我们建议用户为了确保Mac和PC的密码保护安全,进行只能授权用户访问的设置。另外额外的安全保障可以使用FileVault全磁盘进行加密。”苹果进行了iOS 10和Mac OS Sierra的更新,因此这个问题的解决将有可能通过软件的新版本的修补程序中,据了解,iOS 10.1和MacSierra 10.12.1已经在本周的早些时候进行了beta的测试。相关的主题文章: