BREAKING: iOS 10 includes “severe” security flaw

Discussion in 'iOS 10' started by X--X, Sep 24, 2016.

Thread Status:
Not open for further replies.
  1. X--X, Sep 24, 2016
    Last edited: Sep 24, 2016

    X--X macrumors 6502

    Joined:
    Jun 11, 2015
    #1
    Thank you Apple for deliberately making users vulnerable.

    Source: http://www.dailydot.com/layer8/ios-10-backup-security-encryption/


    Obviously NSA and FBI pressure, getting access to backups is exactly what they complained about.

    .
     
  2. cableguy84 macrumors 6502a

    cableguy84

    Joined:
    Sep 7, 2015
    Location:
    Essex
  3. X--X thread starter macrumors 6502

    Joined:
    Jun 11, 2015
  4. Tubamajuba macrumors 68000

    Joined:
    Jun 8, 2011
    #4
    This is certainly a newsworthy story, but there is absolutely zero evidence that this is "deliberate", especially if Apple "appears eager to fix it", as your source states.
     
  5. X--X thread starter macrumors 6502

    Joined:
    Jun 11, 2015
    #5
    They change the whole mechanism for NO REASON at all, put in all that work, for NO REASON at all AND just by coincidence it turns out to be 2500 times easer to access.

    Yeah right.
     
  6. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #6
    How do we know the "NO REASON at all" part?
     
  7. C5.4 macrumors member

    C5.4

    Joined:
    Sep 22, 2016
    #7
    You are jumping ahead here. It clearly says Apple is eager to fix the issue. Can't say it's deliberate if there is zero evidence to support. It would be one thing if this was a 9.x.x update but Apple completely rebuilt iOS 10 from the ground up. Security wise, many parts of the system have been left unencrypted for the first time ever. It is completely possible that Apple screwed up somewhere. And I do not disagree with the fact it is a security flaw that should be fixed asap.

    And I am not trying to stick up for apple. I am just trying to think logically
     
  8. X--X thread starter macrumors 6502

    Joined:
    Jun 11, 2015
    #8
    Well "the reason" is clear. What I meant is there is no legitimate reason to all of a sudden change the backup mechanism after their FBI ordeal.

    What else are they gonna say in public?

    "Oh that thing, yeah we did that on purpose...oh well you got us...darn it"
     
  9. Tubamajuba macrumors 68000

    Joined:
    Jun 8, 2011
    #9
    Are you well versed in programming? If so, can you explain to me how they changed this mechanism?
     
  10. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #10
    How do we know "the reason is clear"?
     
  11. X--X, Sep 24, 2016
    Last edited: Sep 24, 2016

    X--X thread starter macrumors 6502

    Joined:
    Jun 11, 2015
    #11

    That's what the researches say...

    And here is the exact technical explanation

    The password encryption algorithm is THE ONLY THING Apple changed in iOS 10.
    So the one thing they did is to make it weaker, nothing else was done.
     
  12. C5.4 macrumors member

    C5.4

    Joined:
    Sep 22, 2016
    #12
    If you read any other article besides this one, you would know Apple has contacted Elconmsoft and told them they are fixing the issue in a future iOS update

    https://twitter.com/thorsheim/status/779415367038996480
     
  13. X--X thread starter macrumors 6502

    Joined:
    Jun 11, 2015
    #13
     
  14. Gathomblipoob macrumors 601

    Gathomblipoob

    Joined:
    Mar 18, 2009
    #14
    Conspiracy theories are much more fun, though.
     
  15. X--X, Sep 24, 2016
    Last edited: Sep 24, 2016

    X--X thread starter macrumors 6502

    Joined:
    Jun 11, 2015
    #15
    Interesting software that ElcomSoft has on their website

    https://www.elcomsoft.com/eppb.html


    Apple also removed Kernel encryption in iOS 10

    http://www.macrumors.com/2016/06/22/apple-unencrypted-kernel-ios-10-intentional/
     
  16. CTHarrryH macrumors 65816

    Joined:
    Jul 4, 2012
    #16
    you do realize that someone has to steal your mac or windows machine also to implement this and it doesn't effect iCloud security.
     
  17. simonsi macrumors 601

    simonsi

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #17
    This barely qualifies as a security flaw as the device isnt being attacked (and this forum is testament to the huge numbers of users that dont take backups of any kind).

    Security is an arms race so probably good reason to change the algorithm, the real test is whether, once the iterations is fixed, the new mechanism is stronger than the old.
     
  18. X--X, Sep 24, 2016
    Last edited: Sep 24, 2016

    X--X thread starter macrumors 6502

    Joined:
    Jun 11, 2015
    #18
    It's not, that's the whole point.

     
  19. I7guy macrumors G5

    Joined:
    Nov 30, 2013
    Location:
    What Exit?/Saguaro Country
    #19
Thread Status:
Not open for further replies.

Share This Page