Apple this week released iOS 11.4.1, an incremental software update that contained a feature to thwart iPhone hacking measures. But, unfortunately, security researchers have already found a way to bypass that feature, which is dubbed USB Restricted Mode.
First, some background. USB Restricted Mode is essentially a software capability that disables data access over the Lightning port after a set amount of time if the device isn’t unlocked periodically.
If a device is left locked or disconnected from a trusted USB device for exactly one hour, USB Restricted Mode will kick in — rendering iPhone hacking tools like GrayKey relatively useless. That security measure persists through reboots and even full software restoration processes.
That was a good move on Apple’s part to protect the privacy and security of its consumers. While GrayKey is reportedly only used by law enforcement currently, it’s completely possible for a device to fall into the wrong hands.
But security researchers at Elcomsoft, which first spotted the feature in an iOS 11.4 beta, have reportedly found a workaround.
Apparently, iOS will reset the one-hour USB Restricted Mode timer if a device is plugged into a certain untrusted USB accessory. While a Lightning to 3.5mm adapter doesn’t work, a ~$39 Lightning to USB camera adapter will.
As such, Elcomsoft researcher Oleg Afonin said that law enforcement or forensic procedures for seizing and transporting iPhones might now include a Lightning accessory. Before, a Faraday bag and a battery pack would suffice.
Afonin did point out that it isn’t necessarily a severe vulnerability. In fact, Afonin said it’s most likely “nothing more than an oversight” on Apple’s part. The researcher noted that the workaround seems to work on iOS 11.4.1 and the second iOS 12 beta.
Of course, it’s incredibly likely that Apple will patch this going forward. But it’s also as likely that security researchers and entities like Grayshift will continue to search for exploits and vulnerabilities to take advantage of.
In other words, expect a back-and-forth struggle as Apple and hackers move to outfox each other in the future.
If you’re concerned about third parties accessing the data on your device, your best bet is to use a strong alphanumeric passcode. The longer and more complex the passcode, the longer devices like GrayKey will take to crack it.