iOS 11 Encrypted Backups Easier To Crack Than Before
Security of iOS devices is always a hot topic, and with macOS having had its own security issues of late, thanks to the discovery that root access was for a while not as well secured as it should have been, many pointed to iOS as an example of a secure operating system.
As with all things, though, there is no such thing as complete security, and according to Russian firm ElcomSoft, iOS 11 makes encrypted iOS backups less secure than they used to be.
If ElcomSoft sounds familiar it is because it is a company often used by law enforcement to gain access to devices when required, so when it says that iOS 11’s encrypted iTunes backups are not as secure as those created prior to its arrival, it is worth taking note. The issue apparently stems from how iOS 11 handles passwords for those encrypted backups, with the current system allowing the password to be changed depending on the circumstances.
Before Apple shipped iOS 11, if you made an encrypted backup of an iOS device in iTunes, the password protecting that backup was used every time moving forward, even if you switched Macs. This meant that even if someone got hold of the backup and had a device’s passcode, they could not access the data inside the backup. However, as of iOS 11, Apple changed that behavior.
The password would become the property of the i-device and not the PC (or the copy of iTunes) that was used to set the password. You could connect your phone to a different computer and make a local backup with a freshly installed copy of iTunes, and that backup would still be protected with the password you set a long time ago.
Any attempt to change or remove that password must pass through iOS, which would require you to provide the old password first. Forgot the original password? There’s no going back; you’re stuck with what you have unless you are willing to factory reset the device and lose all data in the process.
Users, or attackers, are still unable to change an existing password; however, they can reset the password on the device and can then make a whole new encrypted backup with a new password. That new password could then be used to access the data held within the encrypted backup.
Apple even documents the change itself, showing that this is indeed intended behavior rather than a bug. Based on that, we can assume that Apple is weighing security against convenience and trying to find a happy middle ground along the way. We’re just not sure this is the right ground to settle on. Admittedly, an attacker would still need access to an iOS device and know its passcode for this to work, but stranger things have happened.