It looks like Apple added a new password verification mechanism for encrypted iOS 10 device backups made by iTunes on Mac or Windows. It exists in parallel with the previous mechanism, which uses the PBKDF2 algorithm, but the new one uses SHA256 instead. According to researchers, that makes it easier for someone with physical access to your logged-in computer to brute-force the password and access your data.
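Why the choice of verification function matters can be measured directly. The following is an added example, not code from Apple, Elcomsoft or the original article: it does not reproduce the iTunes backup format, and the salt layout, the 10,000-iteration count, the sample passphrase and the 8-character keyspace are all assumptions chosen for illustration.

```python
import hashlib, hmac, os, time

PBKDF2_ITERATIONS = 10_000  # assumed work factor; the article gives no figure

def single_hash(password: str, salt: bytes) -> bytes:
    # One SHA-256 pass: each verification costs a single hash computation.
    return hashlib.sha256(salt + password.encode()).digest()

def stretched(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256: every verification repeats the HMAC PBKDF2_ITERATIONS times.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

def verify(derive, candidate: str, salt: bytes, stored: bytes) -> bool:
    # Constant-time comparison of the derived value against the stored verifier.
    return hmac.compare_digest(derive(candidate, salt), stored)

def seconds_per_verification(derive, rounds: int) -> float:
    salt = os.urandom(16)
    stored = derive("constructed-sample-passphrase", salt)  # constructed value
    start = time.perf_counter()
    for i in range(rounds):
        verify(derive, f"candidate-{i}", salt, stored)
    return (time.perf_counter() - start) / rounds

def compare_costs() -> dict:
    fast = seconds_per_verification(single_hash, 20_000)
    slow = seconds_per_verification(stretched, 20)
    return {"single_hash": fast, "pbkdf2": slow, "ratio": slow / fast}

def years_to_exhaust(keyspace: int, seconds_each: float) -> float:
    # Worst-case time to try every password in a space of the given size.
    return keyspace * seconds_each / (365 * 24 * 3600)

if __name__ == "__main__":
    costs = compare_costs()
    keyspace = 36 ** 8  # assumed: 8 characters from lowercase letters and digits
    print(f"per-verification cost ratio (PBKDF2 / single hash): {costs['ratio']:.0f}x")
    for name in ("single_hash", "pbkdf2"):
        print(f"{name}: {years_to_exhaust(keyspace, costs[name]):.2f} years on one CPU core")
```

The ratio is what a key-stretching function buys the defender: the same password survives proportionally longer, which is also why a long, high-entropy backup password matters most when the verifier is a single hash.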
What happened exactly?
Here's the deal, straight from Elcomsoft:
Is Apple fixing it?
Yup! Apple told Forbes a fix is in the works:
Should I worry about this?
Be informed, don't be alarmed. It's nothing most people have to worry about.
If you are worried, use iCloud instead of iTunes for device backups for now. If you don't want to use iCloud and want to keep using iTunes, make sure you don't leave your computer where strangers can access it, and make sure you use a strong, impossible-to-guess account password for your computer.
Then update as soon as Apple makes the fix available.
Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.