iPhone hackers say Apple weakened backup security with iOS 10

Forbes:

Professional iPhone hackers say that Apple has dropped the ball on password security with its latest iPhone operating system, making the task of cracking the logins for backups stored on a Mac or PC considerably easier.

The claim comes from Elcomsoft, a well-known Russian forensics company, whose kit was thought to have been used by hackers who exposed celebrities’ nude pictures in 2014. Like market leader Cellebrite, it makes its money selling kit that can break into iPhones for the purpose of rooting around a target’s device. As soon as iOS 10 was out, the company started probing its security, and found Apple was using a weaker password protection mechanism for manual backups via iTunes than it had done previously.

Apple says they are “aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update.” It’s not going to happen but I’d like to hear an explanation from Apple about how and why this backward step was implemented.