Cheap device could stall Apple's new USB port lock

Workaround for USB Restricted Mode feature.

Researchers believe a security feature designed by Apple to prevent iPhone and iPad data ports being used by law enforcement to crack passcodes may be defeatable with cheap USB devices.

The Restricted Mode for the USB data connection that runs over the Lightning plug on iPhones and iPads is part of the iOS 11.4.1 update released by Apple a few hours ago.

It prevents specialist unlocking hardware made by the likes of Cellebrite and Grayshift from entering multiple passcode guesses via the phone's data port.

Restricted Mode is activated if the iPhone or iPad is left locked for more than an hour.

In an emergency situation, users can also disable the USB port on their iDevices by pressing the Power button five times.

Elcomsoft engineer Oleg Afonin noted that testing showed that once USB Restricted Mode kicks in, there is no obvious way to break it.

However, Elcomsoft now believes it has found a way round the data port being locked in the first instance, by connecting cheap USB devices to seized iPhones.

"What we discovered is that iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory," Afonin said.

"In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour."

Afonin said Elcomsoft's testing showed that most, if not all, third-party and official Apple USB accessories could be used to bypass the USB data port locking.

Using USB accessories to defeat the data port lock also works in Apple's iOS 12 beta, Afonin said.

Even if forensic engineers are able to stop the device they're trying to break into from entering USB Restricted Mode, Elcomsoft noted that since iOS 11.4, cracking devices such as Grayshift's GrayKey are limited to just one passcode guess per ten minutes.

This means breaking four-digit passcodes would take as long as two months, and makes it pointless to try to crack six-digit access codes, which are the default length in later versions of iOS.
