iOS 10 'contains massive security glitch'

Latest version of Apple's operating system makes hacking 2,500 times easier, says Russian digital security company

iPhone 6

Apple's latest operating system, iOS 10, makes it 2,500 times easier for hackers to steal passwords and sensitive data, according to a digital security company.

The tech giant has acknowledged there is an "issue" and says it will release a patch to fix the problem, which occurs when users manually back up an iPhone or iPad using iTunes.

Russian firm Elcomsoft says the problem is caused by Apple's decision to change the way it encrypts the back-ups.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.


Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

iOS 9, the previous version of the system, used the SHA256 algorithm, says Fortune magazine. The new edition uses an older algorithm, PBKDF2, instead.

Internet security expert Per Thorsheim told Fortune PBKDF2 allows password-cracking software to attack more rapidly than SHA256, giving hackers access within two days in 80 to 90 per cent of cases.

Elcomsoft, which flagged up the security issue, makes software which can do exactly that – although it markets it for legitimate password retrieval, not hacking. Its Phone Breaker program uses brute force to guess passwords.

Phone Breaker can send six million passwords per second to the iOS 10 back-up to try and gain access, says Elcomsoft. In iOS 9, the number of guesses was capped at 150,000 per second – so the new system is 2,500 times easier to crack.

Once the password is forced, hackers would be able to steal credit card data and infiltrate Apple's password manager system, Keychain, giving them access to bank accounts and more.

Experts are asking why Apple changed its encryption, with Thorsheim demanding to know whether "this massive weakening of security and privacy is intentional [or] a stupid glitch", says Fortune.

However, Oleg Afonin of Elcomsoft said Apple's devices were highly secure and the vulnerability was one of the last avenues available to hackers.

"Apple smartphones are secure. iOS is also secure, and gets tougher with each subsequent generation," he wrote on his blog.

"Forcing an iPhone or iPad to produce an offline backup and analysing resulting data is one of the very few acquisition options available for devices running iOS 10."

Apple said: "We're aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update.

"This does not affect iCloud backups. We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users.

"Additional security is also available with FileVault whole disk encryption."

iOS 10: New iPhone software breaking some phones

14 September

Yesterday evening the latest version of Apple's iOS software for iPhones, iPads and iPods went live, but many people who snapped up the new software may now be wishing they hadn't.

iOS 10 has left some users' devices 'bricked' – a term for gadgets that no longer turn on. The software has already been successfully downloaded millions of times, but in some cases devices have crashed – with disastrous consequences. The only way to bring them back to life is to completely wipe them, which isn't remotely handy if you don't have a backup.

The Guardian reports that it has seen iOS 10 cause an iPhone to lock into a reboot cycle. Andrew Dalton, a contributor to the tech website Engadget, says his phone was broken by the software update.

Apple has since released a statement saying the issue has been resolved and that it was limited to a "small number of users during the first hour of availability". The firm has apologised to affected customers.

Alongside the bricking issues, some of iOS 10's new features have been irksome, such as the new method of unlocking your iPhone. As a result, TechRadar has put together a handy list of the most common complaints and what you can do about them.

If you'd still like to take the plunge and get iOS 10 early, here's what Apple is offering:

New iMessage features

One of iOS 10's primary areas of focus is messaging. Apple's messenger platform has big new features built into the latest iOS release.

First, the useful stuff: iMessage will support rich, inline links. As Wired puts it: "You can play videos from YouTube or songs from Music without bailing out to another app." The platform is also being opened up to third-party developers, so apps can be specifically built for the feature - and there's even an app drawer in which to store them.

As for the fun stuff, emoji fans ought to be pleased as the icons are now three times bigger and there's a hugely useful new way to access them – simply type up a message and emojifiable words will highlight yellow. A simple tap replaces the text with an icon.

There's also a new degree of animation to messages, with stickers you can layer on top of text and speech bubbles that can rumble, move, inflate and deflate to add emphasis. You'll also find quick reply options to send a fast thumbs-up, alongside a handful of other options.

Added to this is an "Invisible Ink" feature, so certain content can only be read if you deliberately access it. iMessage also now supports handwritten scribbles allowing users to send crude sketches and responses, and there are fully animated background effects so you can, for example, wish someone a happy birthday with virtual glitter and balloons.

Siri opens to developers

Apple has created a Siri developers kit to let the personal assistant play ball with an increasing number of third-party apps.

This means that with iOS 10, you can delegate many more tasks to the virtual personal assistant. For instance, you could ask Siri to order you an Uber, or maybe send a message via WhatsApp.

What this means is you'll be able to use Siri to operate many of the apps on your device without having to open them. For instance, you'll be able to book the likes of Lyft and Uber simply by asking Siri. It should pave the way to many more apps being available.

New lock screen

The most noticeable change in terms of the way iOS looks is found on the lock screen, which MacRumors calls a "rich notifications" screen. It packs more functions and displays more information while the device is locked.

There's also a new widgets system. Swipe left on the lock screen and information like the weather, your calendar and football scores for your favourite team will be displayed, depending on the apps you have already installed.

It's all uncovered by a "raise to wake" system, in which the display turns on and the lock screen shows up without the user having to press anything. The redesigned notification bubbles are also more interactive as well as smarter – they will update in real-time, so you're less likely to come across an unseen notification well past its expiry date. Widgets make an appearance, too.

iPhone 6S users and those keen to adopt the next iPhone will get the most out of the new system – users will be able to pop into notifications from the lock screen and respond quickly to messages without unlocking the phone.

Photos overhaul

Faces and Places are back in a big way , with facial and object recognition allowing images to be grouped by content. You'll be able to quickly access photographs of specific people and keyword search for certain objects. Places will do the same, but based on location.

There's also an all-new feature called Memories. 9to5Mac says it works "like a slideshow on steroids", patching together short films and slideshows using the Faces and Places software.

Voicemail transcription

You won't have to listen to voicemails with iOS 10 – you'll be able to read them. If you miss a call and the caller leaves a message Siri will transcribe it, so you can read it in handy text format instead.

Hide Apple apps, redesigns and more

Maps, News, and Apple Music get a redesign, becoming simpler to look at and more intuitive to use, while the all-new and much rumoured "Home" app for use with HomeKit appliances and fittings makes an appearance.

However, should it be of no use, here's some brilliant news – iOS 10 finally introduces the option to rid the iPhone home screen of Apple's stock apps. While not technically deleting them – they will still take up space on the phone – it's possible to completely hide them using the same method to delete third-party apps.

In addition, a "Wake Alarm" function allows you to set a recurring alarm, a prompt to get into bed and sleep-tracking abilities. Control Centre has been redesigned, Siri can now transcribe voicemail, typing messages and emails will sometimes offer up contextual suggestions and last but not least, typing now has a new sound effect.

Mashable lists some of the other small new features Apple didn't have time to cover in its iOS 10 reveal, one of them possibly pointing at the photographic capabilities of the iPhone 7. The new system allows you to shoot photographs in RAW format over the JPEG file type currently supported. "Photographers swear by RAW," says the site, adding that you'll also be able to edit the photos.

There's also a new way to optimise storage via a feature that automatically deletes songs that you don't listen to, although while this is handy if you store songs locally, it's fairly pointless for Apple Music and other cloud-based music-stream users.

How to get it

First, you must make sure your device is compatible. For iPhone users, only the iPhone 5 onwards can handle iOS 10. If you have an older version of Apple's smartphone, this is the end of the road software wise.

Similarly, only 6th generation iPod Touches will get the software, as will 4th generation iPads onwards.

Before updating your device, it's important to back it up just in case installing iOS 10 creates problems. You can do this by connecting your gadget to iTunes via a computer, or creating a new iCloud back up.

If you've got enough storage space on your device to update it, you should get a notification telling you that the latest iOS is ready to download. Alternatively, you can start the download manually by going into Settings, selecting General and then choosing Software Update.

To continue reading this article...
Continue reading this article and get limited website access each month.
Get unlimited website access, exclusive newsletters plus much more.
Cancel or pause at any time.
Already a subscriber to The Week?
Not sure which email you used for your subscription? Contact us