Pierluigi Paganini
July 10, 2018
Recently Apple released the iOS 11.4.1 that introduced a new security feature, dubbed USB Restricted Mode, designed to protect your devices against USB accessories used by forensics experts and law enforcement agencies to analyze iPhone or iPad.
The USB Restricted Mode was implemented in the latest beta versions of the iOS operating system, it disables the data connection of the iPhone’s Lightning port after a specific interval of time but it doesn’t interrupt the charging process.
Forensics hardware like the ones manufactured by Cellebrite and Grayshift firm will not be able to attempt brute-force attacks via the Lightning port.
While Apple proudly announced its new feature, experts from ElcomSoft have found a way to reset the countdown timer of USB Restricted Mode and bypass the defense mechanism.
The researchers discovered that by directly connecting a USB accessory to the iOS device within an hour after it was last unlocked would reset the 1-hour countdown.
A cheap Apple’s $39 Lightning to USB 3 Camera adapter could be used to bypass the security features, the experts also discovered that it is possible to bypass the USB Restricted Mode by using untrusted Lightning accessories, or those that have not been paired with the iPhone before.
“What we discovered is that iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before (well, in fact the accessories do not require pairing at all).” reads the post published by ElcomSoft.
“In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.”
ElcomSoft researchers are also testing an unofficial and cheap Lightning to USB adapters to bypass the security measure.
According to the experts, the issue could be easily fixed by Apple, it is probably nothing more than an oversight.
The new feature can be enabled from Settings > Face ID (or Touch ID) & Passcode > USB Accessories, by leaving the toggle disabled.
In case you need to immediately activate the feature on the iOS device before the countdown timer ends, just press the Power button five times.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – Apple, USB restricted mode)
[adrotate banner=”5″]
[adrotate banner=”13″]
