Apple’s new iOS 10 may have made passwords much easier to hack.
According to Elcomsoft, a Russian security firm specializing in password recovery, using the Phone Breaker tool on iOS 9 allowed a hacker to try 150,000 different passwords per second in a brute force attack. In iOS 10, because of a flaw in iTunes login, that number jumps to 6 million per second. Therefore, a brute force attack against iOS 10 is 2,500 times easier than against iOS 9.
In a statement, Apple acknowledged that it was aware of, and planning on addressing, this particular vulnerability, and that in the meantime users should practice good password security:
“We are addressing this issue in an upcoming security update. This does not affect iCloud backups. We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users.”
Preserving good security is still possible
However, even with the iTunes login vulnerability added in iOS 10, the flaw does not apply under most circumstances. According to Gary Miliefsky, CEO at cybersecurity firm SnoopWall, the vulnerability does not present much of an increased threat to the average user, since it only comes into play with brute force attacks:
“It's not that big of a deal if you use a really good password that's not a word or combo of words in the dictionary.”
Even though iOS 10 would be more vulnerable to a brute force attack, especially where a weaker password is at play, Miliefsky points out that this threat only applies where the device has already been physically acquired by a potential hacker, and not in the case of virtual attacks.
“Bottom line is; someone brute forcing your phone needs to have it in hand physically anyway.”
As technology develops, online security risks heat up
In this new age of increased technological advancement, security vulnerabilities become easier to exploit, meaning individuals and companies have to be on their toes. Yahoo recently fell victim to a hack that compromised 500 million accounts, leaving the sensitive personal data they contained in the hands of hackers.
Additionally, privacy-conscious users may not find it wise to trust their private information to large companies, many of which have been complicit with governments in the gathering and sharing of personal information. Famed NSA whistleblower Edward Snowden warned against using Allo, Google’s new encrypted messaging app, calling it “Google Surveillance.”