iOS 11 has possibly major security problems due to which the iPhone and iPad are much more vulnerable to hacker attacks, according to a company specialized in computer security. We are talking about the Russian company Elcomsoft, which also specializes in the development of software with the help of which information can be extracted from iPhone and iPad backups, regardless of which version of iOS they are running.
iOS 11 comes with a new way to encrypt data saved in backups, and Elcomsoft says that this change leaves terminals vulnerable to certain types of attacks. According to the company, any person who has access to an iPhone, or an iPad tablet, with iOS 11 installed, can also access the data saved in an encrypted backup due to a change made by the Apple company for them.
"The password would become the property of the i-device and not the PC (or the copy of iTunes) that was used to set the password. You could connect your phone to a different computer and make a local backup with a freshly installed copy of iTunes, and that backup would still be protected with the password you set a long time ago."
Until iOS 11, encrypted backups could not be accessed even if a person knew the security code of the iPhone and iPad, and that's because those backups had separate passwords. Some data could be accessed with an access code, but not all, and without the password of the encrypted backup they could not be accessed, even in the case of changing the computer used to save the data from the iPhone or iPad.
Starting with iOS 11, the Apple company allows resetting the password of an encrypted backup directly from the iPhone or iPad, so that the data can be accessed by a person who also knows the access code. After resetting the password and accessing the data, another password can be set without any problems, but the key in this process lies in the fact that the password is now reset directly from the terminal without knowing the old one.
"Any attempt to change or remove that password must pass through iOS, which would require providing the old password first. Forgot the original password? There's no going back, you're stuck with what you have unless you are willing to factory reset the device and lose all data in the process."
The change is beneficial for users who forget the passwords of the backups they encrypt, having the possibility to reset them from their phones to have access to them. The change reduces the security level of the iPhone and iPad, leaving the phones vulnerable to those who want to find out the data in them, but the compromise is made to help users not to lose important data from the phones.
This change can help the authorities to more easily access the data of the phones and tablets of criminals and terrorists, and in real life it is difficult to say how many people could be affected by the change.
