What is a risk to the security of an iPhone backup if the user selects to set a password and encrypt their backup? When a user creates an iOS backup file they have the option to encrypt the data. If they select this option a backup of the keychain that contains the encryption password is saved to the file manifest.plist. This file can be examined and the encrypted password can be decrypted, typically through a brute force attack.
Question:
What is a risk to the security of an iPhone backup if the user selects to set a password and encrypt their backup?
Options:
The keychain is not captured with the backup and the password can be recovered from the Info.plist file
The clear text password will be cached in the user’s keychain and can be recovered searching the user’s keychain
The data is encrypted using a strong key but the password is saved to a file which is encoded using Base64, which is easily reversible
The backup file is encrypted and a copy of the keychain is saved in a local file which may be attacked using brute force tools
Correct Answer
The Correct Answer for this Question is
The backup file is encrypted and a copy of the keychain is saved in a local file which may be attacked using brute force tools
