iOS 11 is “a horror story” and less secure than previous versions, security expert warns


A security expert has described iOS 11 as “a horror story” and claims it is less secure than previous versions of Apple’s mobile operating system.

An expert from ElcomSoft, a Russian company that creates tools used by law enforcement agencies to crack passwords and circumvent encryption, says that iPhones and iPads running iOS 11 are more vulnerable to attack.

This is because Apple made changes to the different layers of security in iOS 11, with the Cupertino firm opting for convenience over security with its latest software release.

In a blog post detailing the findings, ElcomSoft security researcher Oleg Afonin said that cracking the passcode was now enough to gain access to all data on an iPhone, whereas this wasn’t the case before.

Mr Afonin claims that in iOS 11, a crucial layer of security has been removed by Apple.

In previous versions of iOS, even if a hacker had access to the passcode, that wasn’t necessarily enough to access all the data on the device, as a separate password was needed to access an encrypted backup of the iPhone or iPad.

“The password would become the property of the i-device and not the PC (or the copy of iTunes) that was used to set the password,” Mr Afonin explained.

“You could connect your phone to a different computer and make a local backup with a freshly installed copy of iTunes, and that backup would still be protected with the password you set a long time ago.

“Any attempt to change or remove that password must pass through iOS, which would require to provide the old password first. Forgot the original password? There’s no going back, you’re stuck with what you have unless you are willing to factory reset the device and lose all data in the process,” he added.

The password was required whenever the user wanted to access the backup, even when accessing from a Mac or PC. There was no way of accessing the backup without the password, which was linked to the iOS device.

The simple multilayered system meant that it was impossible to access all the data without having possession of the iPhone and knowing the passcode and password.

Mr Afonin had called iOS “the most secure mobile ecosystem on the market.”

But now Apple has changed the security in iOS 11, which means that while the existing password cannot be changed, it can be reset, meaning a hacker could theoretically take a backup of the data and then set a new password that only they would know.

According to 9to5Mac, Apple documented the change, meaning it was deliberate, rather than being a bug.

While the change is unlikely to impact most users, it is perhaps worth noting for people who are security-conscious.

