2 min read

New iOS security feature can be defeated by a $39 adapter... sold by Apple

Graham CLULEY

July 10, 2018

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
New iOS security feature can be defeated by a $39 adapter... sold by Apple

Yesterday Apple released a brace of updates for its software – fixing bugs and patching security holes in the likes of MacOS, watchOS, tvOS, Safari, iTunes for Windows, iCloud for Windows, and iOS for iPhones and iPads.

The update for iOS, bringing it to version 11.4.1, is particularly interesting as it includes a new feature – “USB Restricted Mode.”

USB Restricted Mode is designed to disable an iPhone or iPad’s Lightning port, preventing it from transferring data, one hour after the device was last locked.

You can still charge your device after its Lightning port has been disabled, but you need to enter a smartphone’s password if you wish to use the port to transfer data to and from device.

A support advisory from Apple shares more details:

“Starting with iOS 11.4.1, if you use USB accessories with your iPhone, iPad, or iPod touch, or if you connect your device to a Mac or PC, you might need to unlock your device for it to recognize and use the accessory. Your accessory then remains connected, even if your device is subsequently locked.”

“If you don”t first unlock your password-protected iOS device — or you haven”t unlocked and connected it to a USB accessory within the past hour — your iOS device won”t communicate with the accessory or computer, and in some cases, it might not charge. You might also see an alert asking you to unlock your device to use accessories.”

Which sounds, of course, like bad news for law enforcement and intelligence agencies who may want to crack into a locked iPhone using tools like GrayKey. GrayKey, and similar tools, use the Lightning port to help anyone with physical access crack their way into a locked device – without having to manually guess the passcode.

Unfortunately for Apple, and customers who like to believe that their phone is private, a workaround has been discovered whereby police could prevent an iPhone or iPad entering USB Restricted Mode if they act quickly enough.

Researchers at Elcomsoft discovered that the one hour countdown timer can be reset simply by connecting the iPhone to an untrusted USB accessory:

“In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.”

And where might you find such a compatible USB accessory that can prevent USB Restricted Mode from kicking in?

Look no further than Apple’s own online store, where the company will happily sell you a Lightning to USB 3 Camera Adapter for a mere $39. Chances are that there are even cheaper accessories which will do the job just as well.

Apple has successfully made the window of opportunity smaller for anyone (whether they be a member of law enforcement or not) to crack into an iPhone, but this discovery means that they have not closed it completely.

Apple will need to continue to strengthen the security and privacy of its mobile devices if it wishes to maintain its edge over many Android smartphones. Nice try with iOS 11.4.1 Apple, but we need you to do more.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Chinese criminals scam kids desperate to play games for more than three hours a week Chinese criminals scam kids desperate to play games for more than three hours a week
Graham CLULEY

August 12, 2022

2 min read
Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach
Silviu STAHIE

August 09, 2022

1 min read
Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down
Silviu STAHIE

August 05, 2022

1 min read