Apple recently introduced a new feature in iOS 11.4.1 called USB Restricted Mode, which is meant to block devices that can crack the iPhone’s passcodes and unlock them. However, mobile forensics firm Elcomsoft found that this new security feature can be easily bypassed with just about any Lightning port accessory.
iPhone Restricted Mode
Over the past year or so, we’ve seen more companies develop ways to unlock locked iPhones for law enforcement, and chances are we would’ve seen more in the future unless Apple took steps to address this issue.
This is how Apple came up with the USB Restricted Mode, which disables the Lightning port data connection after the iPhone hasn’t been unlocked for seven days. Seven days seems like a significant amount of time, as chances are by the time those seven days pass, law enforcement would have long been able to unlock the device once it’s in their possession.
Some users complained about this online, noting that they had never even needed their Lightning port’s data connection to be enabled by default. Apple seems to have listened to some degree, as the USB Restricted Mode is now automatically enabled an hour after the user has last unlocked the phone.
USB Restricted Mode Flaw
Elcomsoft’s initial tests showed that once the USB Restricted Mode is enabled, there’s no way to disable it with forensics tools. However, the company found a flaw in Apple’s new implementation of the USB Restricted Mode.
If an accessory is connected to the iPhone within that one-hour timeframe before the Restricted Mode is enabled, then it will be able to disable the lockdown timer. According to Elcomsoft, even untrusted accessories can do this, and the company believes that even $2 iPhone cables from online Chinese stores should be able to keep an iPhone unlocked.
Elcomsoft believes that this is what the police would need to do to bypass iPhone’s new security feature:
- Connect the iPhone to a compatible Lightning accessory (such as the official Lightning to USB 3 Camera Adapter).
- Plug an external battery pack into the adapter (to avoid iPhone battery drain).
- Place the entire assembly in a Faraday bag.
Elcomsoft explained that this issue with the USB Restricted Mode feature arises from the fact that Apple doesn’t enforce cryptographic authentication for iPhone accessories, except for its own. Because many iPhone accessories lack support for authentication, and because the iPhone connects to them anyway, any untrusted device can connect to the iPhone and exploit or bypass certain security features. The only way for Apple to fix this flaw now would be to require authentication of all iPhone accessories, but this likely won’t happen anytime soon.
If Apple does end up switching to the USB Type-C port for one of its next iPhones, as has been previously rumored, it could use the opportunity to require authentication, too. The USB Promoters Group announced support for USB Type-C authentication back in 2016.
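To make the timer behaviour described above concrete, here is a small Python simulation of the lockdown policy (an added example, not Apple’s or Elcomsoft’s code): it models the reported behaviour, where any accessory connected inside the one-hour window pauses the timer, beside the hardened policy the article suggests, where only accessories that pass cryptographic authentication are accepted at all. The minute-granularity timeline and the `Accessory`/`UsbRestrictedMode` names are assumptions.

```python
from dataclasses import dataclass, field

# Constructed model of USB Restricted Mode, not Apple's implementation.
LOCKDOWN_WINDOW_MIN = 60  # data port locks 60 minutes after the last unlock


@dataclass
class Accessory:
    name: str
    authenticated: bool  # True only if the accessory passes cryptographic auth


@dataclass
class UsbRestrictedMode:
    require_auth: bool            # hardened policy: reject unauthenticated accessories
    last_unlock: int = 0          # minute of the last passcode unlock
    timer_paused: bool = False    # set once a connected accessory freezes the countdown
    connected: list = field(default_factory=list)

    def unlock(self, now: int) -> None:
        self.last_unlock = now
        self.timer_paused = False

    def data_allowed(self, now: int) -> bool:
        if self.timer_paused:
            return True
        return now - self.last_unlock < LOCKDOWN_WINDOW_MIN

    def connect(self, now: int, acc: Accessory) -> bool:
        """Return True if the accessory gets a data connection."""
        if not self.data_allowed(now):
            return False  # port already restricted; nothing can reopen it
        if self.require_auth and not acc.authenticated:
            return False  # hardened policy: untrusted accessory never connects
        self.connected.append(acc)
        self.timer_paused = True  # reported flaw: any accepted accessory pauses the timer
        return True


def data_port_open_after_week(require_auth: bool, connect_minute: int,
                              authenticated: bool = False) -> bool:
    """Unlock at minute 0, plug in one accessory, check the port a week later."""
    phone = UsbRestrictedMode(require_auth=require_auth)
    phone.unlock(0)
    phone.connect(connect_minute, Accessory("constructed accessory", authenticated))
    return phone.data_allowed(7 * 24 * 60)


if __name__ == "__main__":
    print("reported policy, cheap cable at minute 30:", data_port_open_after_week(False, 30))
    print("hardened policy, cheap cable at minute 30:", data_port_open_after_week(True, 30))
```

Under the reported policy an untrusted cable plugged in at minute 30 keeps the port open a week later; under the hardened policy it is refused, and an accessory plugged in after the hour has passed cannot reopen the port in either case.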
And the day Apple switches to a universal standard like USB Type-C is the day hell will most likely freeze over.
However, writing 100% secure software becomes increasingly impractical as complexity goes up, especially on platforms that rely on heaps of boilerplate code and an OS that normal developers have no visibility into or control over.
Anyone who wants to transfer data to the phone will need to do so using a proprietary wireless protocol that requires a MacBook and a $75 dongle.
I wouldn’t mind enabling the peripheral connection once a month for encrypted backups in iTunes.
I doubt it. I bet you $100 I'll be able to re-flash your attiny with my own malware, even if you go to the trouble of disabling the reset fuse so that it can't be re-flashed.
A mere 12v to the reset line and the tiny goes blank, ready to accept my own 2Hz blink routine!
The big problem outlined in this article is that Apple secured one entry, while leaving a gaping back-door unprotected.
"Let's secure the door and use that as marketing to tell everyone how secure our devices are" while leaving door B wide open.