Apple’s determination is never questionable when it comes to safeguarding the privacy of its users. Now, the company is taking the security arrangement on its device a notch higher by rendering the back door device hacking tools useless with the introduction of a USB Restricted Mode. Yes, you heard it right; an iOS 12 restrict USB access mode.
In iOS 12 restrict USB access mode, the invasive tools such as GrayKey box, a darling of law enforcement, won’t be able to make its way into the iPhone anymore. GrayKey is a simple-to-use tool that can be plugged into the locked iPhone via the lightning port to hack the password. However, the iOS 12 would render the port useless if the phone has not been unlocked for more than an hour. As iOS 12 restrict USB access, there would be no data communication between an iPhone and the connected “accessory.”
Dubbed as the USB Restricted Mode, the new feature would be available with the release of the iOS 12. So, it would be available on iPhones this fall. However, it is not a new feature. The earlier version had the time limit of one week rather than one hour. Giving the time limit of just one hour means that the GrayKey should be with the first responders rather than keeping it in the test lab. However, the device is priced at about $15,000 – $30,000, so giving it to the field officers could burn too much cash for law enforcement.
An hour may be a very short time to unlock the iPhone, but there could be a workaround. Back in May, security firm ElcomSoft stated that connecting the iPhone to a paired accessory or computer when it is unlocked can extend the restricted mode window, and centrally-managed hardware might be able to disable the mode entirely.
Also, since details on how a tool like GrayKey gets into the iPhones and iPads are a secret, it is possible that some loophole might still exist. Though such tools may find it hard to unlock iPhones with the iOS 12 restrict USB access mode, it is possible that they have more extreme techniques to get into the iPhones.
In addition, the USB Restricted Mode is available only in the beta version, not guaranteeing if the feature would be there in the final version. Both the iOS 11.4.1 and iOS 12 beta version have the USB Restricted Mode enabled by default. However, it can be deactivated from the Settings app under Touch ID and Passcode.
The USB Restricted Mode is not the only security feature coming with the iOS 12. As the WWDC 2018 kicked off, Apple announced a new intelligent tracking prevention feature, which would come with the next version of the Safari browser on macOS Mojave, as well as, iOS 12. The new feature in Safari will empower the user to restrict any tracking from social media sites that come loaded with “Like” or “Share” buttons. Now, when a website looks to track a user on Safari, the user would get a notification asking for permission.
Talking about the new feature, Craig Federighi, Apple’s Senior Vice President for Software Engineering, said: “We have all seen the ‘Like’ buttons and ‘Share’ buttons, and these ‘Comment’ fields. Well, it turns out, these can be used to track you, whether you click on them or not. And so this year, we are shutting that down.” Federighi also showcased the pop-up that asks for the permission every time a Safari browser detects any app trying to access the cookie information.
Further, the 2FA authentication will also debut with the iOS 12 offering added security in the form of a six-digit PIN sent via Messages. Earlier, a user had to retrieve the time-sensitive code and then enter it, which took a lot of time. With the iOS 12, the 2FA security notification codes will be available as auto-fill options. However, the auto-fill feature is not compatible with the external 2FA apps, like Google Authenticator, and there is no word over the addition of the same going ahead.
Another security feature in the iOS 12 is the Password Reuse Auditing, which keeps track of the saved passwords and flags similar passwords for different accounts. The Reuse Auditing feature can be accessed in Settings > Password & Accounts> Website & App Password. Accounts with identical passwords would be represented with a triangle. Apple also included a way to disable the Face ID briefly. The feature would come in handy if you know that the physical security on the iPhone is about to be compromised.
