Dear Friends,

If you are using Elcomsoft Phone Breaker (EPB), you may already know we've updated the tool to version 6.10, introducing iOS 10 support. We've also announced a Mac version of Elcomsoft Phone Viewer. If you haven't received that newsletter, please feel free to read the original announce.

Today we have something new to share. While working on iOS 10, we discovered a major security weakness in the way iOS 10 handles backup encryption. iOS 10 local backups bypass certain security checks, making it possible to significantly speed up the recovery.

Technically speaking, the new protection scheme employed in iOS 10 is approximately 2500 times weaker compared to what was used in iOS 9. Does this mean you can break passwords that much times faster? Read along to find out!

How Fast, Exactly?

As of today, you can use Elcomsoft Phone Breaker 6.10, which can employ your computer's CPU to attack passwords to iOS 10 backups. This early implementation of a CPU-based attack is 40 times faster than attacking iOS 9 backups using fully optimized GPU acceleration code.

We were able to test password recovery speeds for iOS 9 and iOS 10 backups using the same hardware.

What Do These Numbers Mean?

Quite simply, 6 million passwords a second is a lot. A truly random, 6-character alphanumerical password (single-case letters) will only take 6 minutes to break. Add an extra character, and it still takes 3.6 hours to brute-force. The same 7-character password protecting an iOS 9 backup would take 6 days to break.

Update Availability

Get Elcomsoft Phone Breaker 6.10 right away and benefit from the new ground-breaking method for breaking iOS 10 passwords!

Read the complete press release in PDF format: English, German, Russian.

Read an article Security Weakness Discovered, Backup Passwords Much Easier to Break in our blog.

Sincerely yours,
ElcomSoft team