nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Apple squishes crypto bug

By John Leyden, 13 Oct 2016

Apple has fixed an encryption bug inadvertently introduced with iOS 10.

iTunes backups encrypted iOS user data including Wi-Fi settings, browser history, health data and passwords. With iOS 10, Apple has made a number of changes to encrypted or password protected iTunes backups.

Early iOS 10 backups included a password hash used to verify whether the user had entered the correct password to decrypt the backup. This had the undesirable side effect of making it easier for hackers to crack the passwords of encrypted backups through brute force attacks, as previously reported.

Apple has resolved the security flaw by removing the new password hash from encrypted iOS 10.1 backups. The computer maker has reverted from an unsafe method back to the encryption method to the one used in iOS 9, as explained in a blog post by iOS app developers Reincubate here. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing