What is a risk to the security of an iPhone backup if the user selects to set a password and encrypt their backup?

When a user creates an iOS backup file, they have the option to encrypt the data. If they select this option, a backup of the keychain that contains the encryption password is saved to the file manifest.plist. This file can be examined and the encrypted password can be decrypted, typically through a brute-force attack.

Question:

What is a risk to the security of an iPhone backup if the user selects to set a password and encrypt their backup?

Options:

The keychain is not captured with the backup and the password can be recovered from the Info.plist file

The clear text password will be cached in the user’s keychain and can be recovered searching the user’s keychain

The data is encrypted using a strong key but the password is saved to a file which is encoded using Base64, which is easily reversible

The backup file is encrypted and a copy of the keychain is saved in a local file which may be attacked using brute force tools

Correct Answer

The Correct Answer for this Question is

The backup file is encrypted and a copy of the keychain is saved in a local file which may be attacked using brute force tools
