[Cryptography] iOS 10 backups easier to hack than iOS 9 backups
Tom Mitchell
mitch at niftyegg.com
Sun Sep 25 12:06:11 EDT 2016
On Fri, Sep 23, 2016 at 4:52 PM, Henry Baker <hbaker1 at pipeline.com> wrote:
> FYI --
>
> https://motherboard.vice.com/read/the-new-ios-has-a-
> critical-security-flaw-says-iphone-cracking-company-1
>
> iOS 10 Has a 'Severe' Security Flaw, Says iPhone-Cracking Company
>
> .....
>
> Specifically, the company found that iOS 10 backups saved locally to a
> computer via iTunes allow password-cracking tools
.....
>
> The flaw could be a huge boon for law enforcement, spies, and
> sophisticated criminals
This is a time warp flaw.
Should an agent gather flawed backups now the content of
that backup could be leveraged to attack other systems.
A backup gathered now before a bug fix has value a long time
in the future.
As a first order protection It seems local backups should not be
exposed to the internet. Disconnect from the net, connect storage,
backup, disconnect storage, reconnect to the net.
Corp and agencies have a backup problem. Should a current
iOS 10 backup be gathered it will contain keys to an unknown
list of things.
Citizens not so bad but managers of mail and storage systems....
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160925/8e23835f/attachment.html>
More information about the cryptography
mailing list