The Daily Dose

iOS 10 comes with more than a redesigned iMessage and widgets. It also ships with a serious design defect that makes it vastly easier to crack password-protected backups. Moscow-based Elcomsoft discovered the flaw, which is centered around local password-protected iTunes backups. On iOS 10, these now have a weak secondary security mechanism which “skips certain security checks”. This makes it possible to launch a brute-force attack – where different passwords are tested until the correct one is identified – up to 2,500 faster than iOS 9. This separate security mechanism is distinct to iOS 10; it doesn’t affect earlier versions. It also exists in parallel with…

This story continues at The Next Web