Apple recently introduced a new feature in iOS 11.4.1 called USB Restricted Mode, which is meant to block devices that can crack iPhone passcodes and unlock the phones. However, mobile forensics firm Elcomsoft found that this new security feature can be easily bypassed with just about any Lightning port accessory.
iPhone Restricted Mode
Over the past year or so, we’ve seen more companies develop ways to unlock locked iPhones for law enforcement, and chances are we would’ve seen more in the future unless Apple took steps to address this issue.
This is how Apple came up with the USB Restricted Mode, which disables the Lightning port data connection after the iPhone hasn’t been unlocked for seven days. Seven days seems like a significant amount of time, as chances are by the time those seven days pass, law enforcement would have long been able to unlock the device once it’s in their possession.
Some users complained about this online, noting that they’ve never even needed the data connection for their Lightning port to be enabled by default. Apple seems to have listened to some degree, as the USB Restricted Mode is now automatically enabled an hour after the user has last unlocked the phone.
USB Restricted Mode Flaw
Elcomsoft’s initial tests showed that once the USB Restricted Mode is enabled, there’s no way to disable it with forensics tools. However, the company found a flaw in Apple’s new implementation of the USB Restricted Mode.
If an accessory is connected to the iPhone within that one-hour timeframe before the Restricted Mode is enabled, then it will be able to disable the lockdown timer. According to Elcomsoft, even untrusted accessories can do this, and the company believes that it should be able to keep an iPhone unlocked even with $2 iPhone cables from online Chinese stores.
Elcomsoft believes that this is what the police would need to do to bypass the iPhone’s new security feature:
- Connect the iPhone to a compatible Lightning accessory (such as the official Lightning to USB 3 Camera Adapter).
- Plug an external battery pack into the adapter (to avoid iPhone battery drain).
- Place the entire assembly in a Faraday bag.
Elcomsoft explained that this issue with the USB Restricted Mode feature arises from the fact that Apple doesn’t enforce cryptographic authentication for iPhone accessories, except for its own. Because many iPhone accessories lack support for authentication, and because the iPhone connects to them anyway, any untrusted device could connect to the iPhone and exploit or bypass certain security features. The only way for Apple to fix this flaw now would be to require authentication of all iPhone accessories, but this likely won’t happen anytime soon.
If Apple does end up switching to the USB Type-C port for one of its next iPhones, as has been previously rumored, it could use the opportunity to require authentication, too. The USB Promoters Group announced support for USB Type-C authentication back in 2016.