Apple makes iTunes backups ‘1,000 times safer’ with iOS 10.2


Apple just made it a lot harder to hack the iPhone.
Photo: Ste Smith/Cult of Mac

Apple has seriously stepped up its security game with iOS 10.2, according to a new report that found encrypted iTunes backups are now much more difficult to hack.

It takes roughly 1,000 times more processing power to hack the password of an iOS 10.2 backup than an iOS 10.1 backup, report the security experts at iMazing.

Improving encryption

Apple’s backup encryption tools have remained roughly the same since iOS 4. With the release of iOS 10, Apple made a crucial flaw in how it validates passwords that theoretically could have let hackers unlock backups in just hours with a brute force attack.


The company quickly fixed the issue with iOS 10.1 so that brute force attacks aren’t as easy. Now, in the first iOS 10.2 beta, protections have revved up to make passwords even harder to hack.

iOS 10.2 is still in beta testing with developers. The second build was released today with Apple’s new TV app and SOS feature. It should be available to the public by the end of 2016.

With the new beta build, validating a user password is much more demanding in terms of processing power. By adding many more iterations to generate the derived key, Apple has made it so it would take a hypothetical hacker 1,000 years to crack a backup and reveal password.

The improved security was likely motivated by the spread of easy-to-use third-party brute force tools. Weaker backup passwords can be guessed in just hours with some tools, but it looks like Apple has leaped ahead of would-be attackers (at least for now).


Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.