Apple has been big on strong encryption lately, but it's not immune to making missteps. Security researchers at Elcomsoft have discovered that iOS 10's local encrypted backups (that is, the ones you create in iTunes) use an older password protection algorithm that's much easier to crack than the one used in iOS 9: about 2,500 times easier, according to the team. If intruders can get to your iTunes backups and use a brute-force cracking tool, they could have a much simpler time breaking the security and getting access to sensitive info like account passwords or your Health app data.
The good news? Apple tells Fortune that it's planning to toughen up security in an "upcoming security update." It also stresses that this won't affect your iCloud backups, and that using full disk encryption on your computer (such as macOS' FileVault) can add some extra security in the meantime. You can read the full statement below.
The likelihood of someone both hijacking your computer and knowing that there's iOS data to swipe is rather slim, so you might not want to chuck out your local backups just yet. However, you'll definitely want to be careful about doing things that could compromise your computer, such as leaving it in a public space or running it without a tough-to-guess password.
"We're aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups. We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption."