Apple seems to have included a feature in the upcoming iOS 11.4 update that could mitigate some of the implications of iPhone hacking tools.
The iOS 11.4 beta reportedly introduces what’s a so-called USB Restricted Mode, first spotted by software firm Elcomsoft. While the feature seems to be a relatively quiet addition to the Apple mobile operating system, Elcomsoft confirmed its existence through its own testing.
Basically, it works like this: when an iPhone goes seven days without being unlocked, it enters USB Restricted Mode. The mode disables data access via the Lightning port — meaning that the port is then useless for anything but charging the device.
“At this point, it is still unclear whether the USB port is blocked if the device has not been unlocked with a passcode for 7 consecutive days; if the device has not been unlocked at all (password or biometrics); or if the device has not been unlocked or connected to a trusted USB device or computer,” Elcomsoft’s Oleg Afonin wrote in a blog post.
The implications of the feature are pretty clear. USB Restricted Mode could cause complications for both law enforcement officials and malicious entities who have access to Lightning-based hacking devices.
Those groups will only have one week — from the time an iPhone was last unlocked — to access the data through hacking tools, such as GrayKey.
If you need a refresher, GrayKey is a small hacking tool that can essentially unlock any Lightning-based iPhone running even the latest versions of iOS. It bypasses the encryption by guessing the iPhone’s passcode, though the exact means it uses is still unclear.
GrayKey is also being snatched up by various law enforcement agencies across the U.S., including those at the federal, state and local level. The main concern, however, is that GrayKey or its code could fall into the wrong hands.
GrayKey’s developer, a firm called Grayshift, has already been targeted by an extortion attack. And other cybersecurity companies, like Cellebrite, have also suffered data breaches that exposed some of their hacking secrets.
While USB Restricted Mode can’t stop GrayKey hacking entirely, it can give entities with access to those platforms a limited time frame to so. Presumably, if one uses a longer alphanumeric password, USB Restricted Mode could kick in before a tool like GrayKey can bypass the encryption.
In its developer support documentation, Apple writes that the feature is a way to improve security. It notes that users will need to unlock their device at least once a week before it kicks in.
USB Restricted Mode was first included in an iOS 11.3 beta but was pulled before the final release. Apple could also pull the mode before the release of iOS 11.4, so there’s no guarantee that it’ll show up in the next update.
On the other hand, the mode hints that Apple is aware of the proliferation of iPhone hacking tools and is taking active steps to combat them.
The exact methods these tools leverage are usually kept secret, making it hard to Apple to patch those vulnerabilities. But a feature like USB Restricted Mode is a clever and elegant way to get around that and make those tools harder to use successfully.