iOS 10 comes with more than a redesigned iMessage and widgets. Traditionally, iOS grows more secure with every subsequent release. But this doesn’t appear to be the case with iOS 10 – rather, it’s the contrary. iOS10 also ships with a serious design defect that makes it vastly easier to crack password-protected backups.
Moscow-based Elcomsoft discovered the flaw, which is centered around local password-protected iTunes backups. On iOS 10, these now have a weak secondary security mechanism which “skips certain security checks”. This makes it possible to launch a brute-force attack (guessing passwords by characters, or running through a dictionary with a huge number of potential phrases to get to the one that sticks) up to 2,500 faster than iOS 9.