The upcoming iOS 12 beta has revealed quite a major security update for modern iPhone users – access to the device will be locked while being plugged as a USB. In theory, this makes it impossible for hackers, and law enforcers alike, to have unauthorized access to an iPhone while it’s plugged via the Thunderbolt. However, more eagle-eyed Apple users may have discovered a fatal and major flaw in the Apple USB security update – will this be fixed?
Trouble brews with Apple’s newly-launched USB Restricted Mode feature which just got released with the recent 11.4.1 update yesterday. The feature was supposedly there to protect iPhones versus unrestricted access via USB, especially when hackers or law enforcement use USB devices to crack locked iPhones. However, it appears there’s a huge catch when this feature is being used, and it can cause huge problems to users.
USB Restricted Mode disables any form of USB access when the phone has been locked for more than an hour, but there appears to be a loophole to the system. Researchers with security company ElcomSoft found out that the one hour timer will be reset if you use a USB accessory with the iPhone in question within the window. This doesn’t matter whether or not the accessory has been used with the phone in question or not.
This is tricky, when tests have also shown that the iPhone’s very own Lightning to USB 3 camera adapter helps with the bypass. ElcomSoft is now testing what other adaptors make the bypass work, as the Lightning to 3.5mm adaptor doesn’t produce the same bypass effect.
Oleg Afonin of ElcomSoft said that when law enforcement officials seize iPhones, this means they will have to immediately jack up a compatible USB accessory in order to avoid being locked out of the device within an hour thanks to USB Restricted Mode. When asked if a device can be seized within an hour after the last known unlock, he said it’s very likely – given users do unlock their iPhones on an average of 80 times on a given day.
ElcomSoft doubts the loophole within Restricted Mode has been something intended, however, and may simply be some form of oversight. Since Apple did add the Restricted Mode feature to make sure hackers and law enforcement won’t be able to access iPhones in the first place, Apple may simply just need to add a workaround with the Restricted Mode feature.
You May Also Like: