Digital forensics firm Elcomsoft revealed this week that Apple has changed how encrypted iOS backups are protected, reducing security to improve the overall user experience.
Elcomsoft’s discovery kicked off a vigorous debate on Hacker News and Twitter, but does this change represent a real risk to the average Apple user? The answer is yes, but that answer has to be understood in the proper context. In absolute terms, Apple’s change is a step backward for iOS security, but the nuances of real-world usage suggest that Apple sees it as a net improvement for protecting user data from loss.
While I wish that Apple hadn’t made this change, and I do consider it a hit to my personal security, I can see where Apple is coming from and how the company may see it as enhancing the safety of user data. Let me explain.
After some friendly nudging by Dave Mark and me (and others), Rich Mogull comes up with his usual great explanation and cuts through the FUD.