The iPhone's New 'USB Restricted Mode' Can Be Bypassed by Cheap Accessories

Apple recently introduced a new feature in iOS 11.4.1 called USB Restricted Mode, which is meant to block devices that can crack an iPhone’s passcode and unlock it. However, mobile forensics firm Elcomsoft found that this new security feature can be easily bypassed with just about any Lightning port accessory.

iPhone Restricted Mode

Over the past year or so, we’ve seen more companies develop ways to unlock locked iPhones for law enforcement, and chances are we would’ve seen more in the future unless Apple took steps to address this issue.

This is how Apple came up with the USB Restricted Mode, which disables the Lightning port data connection after the iPhone hasn’t been unlocked for seven days. Seven days seems like a significant amount of time, as chances are by the time those seven days pass, law enforcement would have long been able to unlock the device once it’s in their possession.

Some users complained about this online, noting that they’ve never even needed the data connection for their Lightning port to be enabled by default. Apple seems to have listened to some degree, as the USB Restricted Mode is now automatically enabled an hour after the user has last unlocked the phone.

USB Restricted Mode Flaw

Elcomsoft’s initial tests showed that once the USB Restricted Mode is enabled, there’s no way to disable it with forensics tools. However, the company found a flaw in Apple’s new implementation of the USB Restricted Mode.

If an accessory is connected to the iPhone within that one-hour timeframe before the Restricted Mode is enabled, then it will be able to disable the lockdown timer. According to Elcomsoft, even untrusted accessories can do this, and the company believes that even $2 iPhone cables from online Chinese stores should be able to keep an iPhone's Lightning data connection active.

Elcomsoft believes that this is what the police would need to do to bypass iPhone’s new security feature:

  1. Connect the iPhone to a compatible Lightning accessory (such as the official Lightning to USB 3 Camera Adapter).
  2. Plug an external battery pack into the adapter (to avoid iPhone battery drain).
  3. Place the entire assembly in a Faraday bag.

Elcomsoft explained that this issue with the USB Restricted Mode feature arises from the fact that Apple doesn’t enforce cryptographic authentication for iPhone accessories, except for its own. Because many iPhone accessories lack support for authentication, and because the iPhone connects to them anyway, that means any untrusted device could connect to the iPhone and exploit or bypass certain security features. The only way for Apple to now fix this flaw would be to require authentication of all iPhone accessories, but this likely won’t happen anytime soon.
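The timer behaviour Elcomsoft describes, and the fix of requiring accessory authentication, shown as a small Python model. This is an added example, not Apple's code or part of the original article; the class, method and field names and the `authenticated` flag are assumptions made for illustration.

```python
"""Toy model of the USB Restricted Mode timer described in the article.
Not Apple's implementation: all names here are assumptions."""
from dataclasses import dataclass

LOCKDOWN_AFTER_S = 3600  # article: data port is disabled one hour after last unlock


@dataclass
class Accessory:
    name: str
    authenticated: bool  # assumption: outcome of a cryptographic accessory check


class LightningPort:
    def __init__(self, require_auth: bool):
        self.require_auth = require_auth  # False = behaviour Elcomsoft reported
        self.timer_start = 0              # time of the last unlock
        self.timer_running = True
        self.restricted = False

    def _tick(self, now: int) -> None:
        # Restricted Mode engages once the countdown expires; it stays on until unlock.
        if self.timer_running and now - self.timer_start >= LOCKDOWN_AFTER_S:
            self.restricted = True

    def unlock(self, now: int) -> None:
        # A user unlock re-enables data and restarts the countdown.
        self.restricted, self.timer_running, self.timer_start = False, True, now

    def attach(self, now: int, acc: Accessory) -> bool:
        """Return True if the accessory is given a data connection."""
        self._tick(now)
        if self.restricted:
            return False  # once restricted, no accessory gets data
        if self.require_auth and not acc.authenticated:
            return False  # hardened policy: ignored, countdown keeps running
        self.timer_running = False  # article: a connected accessory disables the timer
        return True

    def data_enabled(self, now: int) -> bool:
        self._tick(now)
        return not self.restricted


def scenario(require_auth: bool) -> bool:
    """Constructed timeline: unlock at t=0, unbranded cable at 30 min, check at 8 h."""
    port = LightningPort(require_auth)
    port.unlock(0)
    port.attach(30 * 60, Accessory("unbranded cable", authenticated=False))
    return port.data_enabled(8 * 3600)
```

`scenario(False)` leaves the data connection enabled eight hours later, while `scenario(True)` lets the one-hour countdown expire as intended.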

If Apple does end up switching to the USB Type-C port for one of its next iPhones, as has been previously rumored, it could use the opportunity to require authentication, too. The USB Promoters Group announced support for USB Type-C authentication back in 2016.

7 comments
Comment from the forums
  • jimmysmitty
    There is always going to be a way around. No software is 100% secure. Even encryption is not 100% although to crack some of the best it takes a massive amount of hardware power.

    And the day Apple switches to a universal standard like USB Type-C is the day hell will most likely freeze over.
  • InvalidError
    Anonymous said:
    No software is 100% secure.

    It is possible to write 100% secure software - I'm pretty sure I can write a 100% secure 1Hz blinker firmware for an ATtiny8 micro-controller, it'll be as secure as the controller itself can be :)

    However, writing 100% secure software becomes increasingly impractical as complexity goes up, especially on platforms that rely on heaps of boilerplate code and an OS that normal developers have no visibility into or control over.
  • Mpablo87
    Oh! One more useless device. And it will cost you 1000000000000 dollars. I don't like their products.