We have long been hearing about Apple’s upcoming USB Restricted Mode, and now, the feature is finally made available with the iOS 11.4.1 update. The feature debuted quietly on Monday as the iPhone maker has maintained that none of their security efforts are aimed at provoking the police.
Why Cops may hate the iOS 11.4.1 update?
With Apple’s new USB Restricted Mode, if the iPad and iPhone are locked for an hour straight, USB accessories will not be allowed to connect to the device, rendering tools like GrayKey useless. In case the user decides to connect a USB to the iPhone after an hour, they just need to switch on the option and remove the hour limit. Users can find the new USB accessory toggle button under the Face ID & Passcode. The switch is disabled by default.
Apple’s latest decision to crank up the security is a welcome change for the users, but would irk law enforcement agencies, who often have to unlock recovered or confiscated iPhones to get at the saved information. Apple surely knows this and has talked about it earlier.
“We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs,” Apple said in a statement, according to The Verge.
However, despite the claims from Apple regarding its new security feature, it appears that this new feature is not fool-proof.
USB Restricted Mode – is it fool-proof?
Researchers at ElcomSoft, a cybersecurity firm, claim that Apple’s new feature has a loophole that can be used to reset the one-hour counter for as long as the supported USB accessory is plugged into the iPhone’s Lightning port, irrespective of whether the phone has ever been connected to that accessory in the past.
“We performed several tests, and can now confirm that USB Restricted Mode is maintained through reboots, and persists software restores via Recovery mode. In other words, we have found no obvious way to break USB Restricted Mode once it is already engaged.” said ElcomSoft’s Oleg Afonin in a blog post.
Afonin notes that such a loophole is not a severe mistake, rather “nothing more than an oversight.” However, the loophole could act as the starting point if the law enforcement agencies decide to work out a solution for the new restrictive mode. Such a loophole can be used to develop another tool (just like GrayKey – a tool to unlock an iPhone) to bypass the newly added feature.
Afonin believes that after the iOS 11.4.1 update, the law enforcement agencies will need to make several changes in the ways they seize and transport the iPhone devices. Before the iOS 11.4.1 update, dumping the iPhone inside a “Faraday bag” and connecting it to the battery pack was all that the agencies needed to do to ensure the safety while transporting the device to the lab, but now this process will have to been changed.
Afonin claims that Apple’s own lightning to USB 3 camera adapter – priced at $39 – can be used to bypass the lockdown. ElcomSoft is also testing other adapters along with cheap third-party ones to identify the ones compatible with the counter.
- [Source] : valuewalk
Pages: 1 2