Apple to crunch iOS 10 local backup password brute force hole

Apple is brewing a fix to patch an iOS password flaw that allows credentials to be stolen from backups.

Elcomsoft researcher Oleg Afonin says the flaws mean cracking efforts against iOS 10 backups are 2500 times faster compared to similar efforts against iOS 9. If successful, the attack will grant access to device keychains.

The latest iOS released earlier this month allows six million passwords to be attempted each second compared to 2400 a second against iOS 9, using an Intel i5 processor. Afonin conducted his research using a commercial tool.