We have long been hearing about Apple’s upcoming USB Restricted Mode, and the feature is now finally available with the iOS 11.4.1 update. It debuted quietly on Monday, and the iPhone maker has maintained that none of its security efforts are aimed at provoking the police.
Why cops may hate the iOS 11.4.1 update
With Apple’s new USB Restricted Mode, if an iPad or iPhone stays locked for an hour straight, USB accessories will no longer be allowed to connect to the device, rendering tools like GrayKey useless. If the user wants to connect a USB accessory to the iPhone after an hour, they just need to switch on the option, which removes the hour limit. Users can find the new USB accessory toggle under Face ID & Passcode. The switch is disabled by default.
Apple’s latest decision to crank up the security is a welcome change for the users, but would irk law enforcement agencies, who often have to unlock recovered or confiscated iPhones to get at the saved information. Apple surely knows this and has talked about it earlier.
“We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs,” Apple said in a statement, according to The Verge.
However, despite the claims from Apple regarding its new security feature, it appears that this new feature is not fool-proof.
USB Restricted Mode – is it fool-proof?
Researchers at ElcomSoft, a cybersecurity firm, claim that Apple’s new feature has a loophole that can be used to reset the one-hour counter for as long as the supported USB accessory is plugged into the iPhone’s Lightning port, irrespective of whether the phone has ever been connected to that accessory in the past.
“We performed several tests, and can now confirm that USB Restricted Mode is maintained through reboots, and persists software restores via Recovery mode. In other words, we have found no obvious way to break USB Restricted Mode once it is already engaged,” said ElcomSoft’s Oleg Afonin in a blog post.
Afonin notes that such a loophole is not a severe mistake, rather “nothing more than an oversight.” However, the loophole could act as the starting point if the law enforcement agencies decide to work out a solution for the new restrictive mode. Such a loophole can be used to develop another tool (just like GrayKey – a tool to unlock an iPhone) to bypass the newly added feature.
Afonin believes that after the iOS 11.4.1 update, law enforcement agencies will need to make several changes in the ways they seize and transport iPhones. Before the iOS 11.4.1 update, placing the iPhone inside a “Faraday bag” and connecting it to a battery pack was all that the agencies needed to do to keep the device safe while transporting it to the lab, but now this process will have to be changed.
Afonin claims that Apple’s own Lightning to USB 3 Camera Adapter, priced at $39, can be used to bypass the lockdown. ElcomSoft is also testing other adapters, including cheap third-party ones, to identify the ones compatible with the counter.
Last month, another cyber expert claimed to have found a way to bypass the newest security feature. Motherboard reported that the digital forensic firm Grayshift has “already defeated this security feature in the beta build.” Further, the report said that the cyber security firm had worked hard to “future proof” their technology. The report seems believable, as Grayshift is the one that developed the famous GrayKey tool, a $15,000 iPhone hacking device that is used by government agencies.
Forensic companies are very well aware of the impact made by Apple’s new feature on law enforcement agencies. Hence, they see this as an opportunity to develop new methods for unlocking Apple devices.
“[That moment when] 10 of the last 12 threads in my inbox have ‘USB Restricted Mode’ in the subject line, and you realize it’s just the beginning,” Shahar Tal, the vice president of research at Cellebrite, tweeted previously.
An opportunity for cops as well
Even cops see Apple’s USB Restricted Mode as an opportunity to get some relaxation in the rules related to unlocking iPhones. Recently, there were reports that the cops are pushing for warrantless searches so that they can confiscate Apple devices and extract useful information from them within the one-hour time frame.
Explaining the technical details behind these warrantless searches, a separate report from Motherboard says that by “leveraging a legal exemption known as exigent circumstances – used in emergencies to avoid the deletion of evidence, or to prevent imminent danger to life – police officers may argue they can unlock and siphon data from an iPhone without first obtaining a warrant.”
Whether or not cops get the green signal for their warrantless searches remains to be seen, but Apple has delivered on its promise of making the devices more secure. It also remains to be seen whether the workarounds claimed by the cybersecurity firms actually work.