Forensics firm says backups easier to crack in iOS 10, Apple promises fix

With all the attention Apple received over the past year on the issue of security and the iPhone platform, how in the heck could this get out of Apple?  One would think the first thing QA would look at is the security system of the iOS and companion software like iTunes.  I mean, really?  (Time for a seance to raise Steve.)

Stukey said:

With all the attention Apple received over the past year on the issue of security and the iPhone platform, how in the heck could this get out of Apple?  One would think the first thing QA would look at is the security system of the iOS and companion software like iTunes.  I mean, really?  (Time for a seance to raise Steve.)

It's not a really a big deal. It's an iOS backup to iTunes, so the hacker would have to 1) have physical access to their Mac or WinPC, and have access to their account. That's not to say that this shouldn't be more secure, but if you're in the account you already have access to a great deal of other personal information, most of it synced with an iDevices.

I hope everything is using full disk encryption, a complex password, unique passwords for every account, a password manager, 2FA, and a VPN whenever you're on an unsecured, public network. Your iCloud password needs to be the most secure and complex password you can possibly remember.

We must be realistic. 

Apple has has lessened the anal retentive stance it had on securing and locked by down everything. 

Its sad sad but true and it started with the kernel. 

There re was no way Apple could publicly say that they were going to allow their systems to be crackable by the government, but their would also be a push-shove going on and we know who'd win that one. So Apple cited "performance improvements," etc. for no longer encrypting the kernel. Now we hear there's going to be a "fix" for inadequately secured backups. 

It it was intentional. Now they'll only have to figure Ways to keep it so that most researchers won't figure it out while still leaving an Achilles heel. 

As much as I'd like to believe otherwise, I believe this is the case. With an FBI that's willing to embarrass itself in investigations so that they can play favorites with political candidates, it's an immature environment that common sense and justice cannot win in. Therefore you have acquiescence to the bully. Sadly, that's what's happening here. 

9secondkox2 said:

We must be realistic. 

Apple has has lessened the anal retentive stance it had on securing and locked by down everything. 

Its sad sad but true and it started with the kernel. 

There re was no way Apple could publicly say that they were going to allow their systems to be crackable by the government, but their would also be a push-shove going on and we know who'd win that one. So Apple cited "performance improvements," etc. for no longer encrypting the kernel. Now we hear there's going to be a "fix" for inadequately secured backups. 

It it was intentional. Now they'll only have to figure Ways to keep it so that most researchers won't figure it out while still leaving an Achilles heel. 

As much as I'd like to believe otherwise, I believe this is the case. With an FBI that's willing to embarrass itself in investigations so that they can play favorites with political candidates, it's an immature environment that common sense and justice cannot win in. Therefore you have acquiescence to the bully. Sadly, that's what's happening here. 

9secondkox2 said:

We must be realistic. 
[…]
Its sad sad but true and it started with the kernel. 

Yes, we must be realistic… but you're not. If Apple wanted the gov't to have an unencrypted kernel it could have done so without giving it to hackers. The whole point is to harden the kernel against attacks.