iOS 10.2 introduces 1’000 times safer encrypted backups

7 Nov, 2016   |   Author: DigiDNA Team

The first beta of iOS 10.2 has been available to developers for a few days now, and it looks like this new version will feature much stronger encryption of local backups.

We believe that the move showcases Apple’s commitment to data security and user privacy, and is in part a reaction to the multiplication of affordable and easy to use 3rd party software solutions which offer tools to hack passwords of local iOS backups. Backup passwords are especially sensitive since many users use their Apple ID password when enabling backup encryption.

iMazing accesses and displays data from local backups, and decrypts encrypted data with the user’s permission and password only. We actively encourage our users to enable backup encryption, and are very pleased to see Apple implementing yet stronger encryption protocols in iOS 10.2.

The rocky road to better encryption

Since iOS 4, Apple’s backup encryption protocols have remained more or less the same: industry standard, strong and well implemented. One mechanism is key to understanding what happened in the past few months: key derivation. The user password is not directly used, it is inputted in an algorithm which derives from it a stronger key after n iterations. The more iterations, the longer it takes to derive the key and to validate a password.

In iOS 10.0, Apple changed the backup format and added a new layer of security to encrypted local backups, with file metadata (file sizes and dates, encryption keys and classes) in the backup database being encrypted as well. But what looked like hardened security in fact contained a critical flaw which made hacking the user’s backup password much easier: a second mechanism was added to validate user passwords, and that mechanism did not use key derivation.

Verifying the validity of a password was now 2’500 faster, allowing for far more efficient dictionary or brute force attacks. To put things in perspective, we imagine a hacker attempting to guess a user’s backup password by attempting all possible combinations (brute forcing). In this hypothetical setup, we postulate that it would take a whole year for the hacker’s computer to brute force a given iOS 9 backup password. With an iOS 10.0 backup, that same computer could now crack the same password in just 3 hours.

At the time, major outlets relayed the information:

Apple promised a quick fix, and just a few weeks later in iOS 10.1, encryption of metadata was dropped and the flaw which allowed faster verifications of backup passwords patched. We were back to square one, with our hypothetical user password taking a whole year to crack.

Apple's promises fulfilled

Now in the first iOS 10.2 beta, things changed yet again, and Apple packed a little surprise for would-be attackers: not only is the entire backup database now encrypted, but validating a user password is now much more demanding in terms of processing power, requiring many more iterations to generate the derived key. Our user’s password is safer than ever, taking the better part of a 1’000 years for our hypothetical hacker to crack.