Just a few hours ago Apple released a couple of updates for their software, correcting bugs and repairing security holes in MacOS, watchOS, TvOS, Safari, itunes for Windows, iCloud for Windows and IOS for IPhone and IPad.
The software patch for iOS, which updates to the 11.4.1 version, is particularly interesting as it includes a new feature, the Restricted USB Mode.
According to secure data destruction specialists, this functionality is designed to disable the Lightning port of an iPhone or iPad, preventing it from transfer data an hour after the device was locked for the last time. You can still charge your device after your Lightning port has been disabled, but you must enter your password if you want to use the port to transfer data.
In more details, the company reported that “with the iOS 11.4.1, if you use USB accessories with your iOS device, or if you connect it to a PC, you must unlock your device to be recognized. Your accessory will remain connected even if your device is subsequently locked. If you don’t unlock your iOS device, or have not unlocked it and connected to a USB accessory in the last hour, your device will not communicate with the accessory or computer, and in some cases, it may not charge. You may also see an alert asking you to unlock your device to use accessories. ”
These seem to be bad news for intelligence agencies that would like to enter a locked iPhone using GrayKey or similar tools, which use the Lightning port to help anyone with physical access to the device to enter its system without decipher the password.
For Apple and its customer’s misfortune, who like to believe that their phone is private, a solution was discovered so anybody could prevent an iPhone or iPad from getting into the Restricted USB Mode if it is applied quickly.
Secure data destruction researchers discovered that the one-hour timer can be restarted simply by connecting the iPhone to a USB accessory with no security features.
In simple words, when someone gets an iPhone, he/she must immediately connect it to a USB accessory to prevent the Restricted USB Mode from blocking the device after one hour, which only works if the Restricted Mode has not yet been activated.
According secure data destruction specialists from the International Institute of Cyber Security you don’t need to look too much, as the company itself will be delighted to sell you a Lightning to USB camera adapter for only $39. There must be even cheaper accessories that work just as well.
Apple has successfully reduced any person’s window of opportunity (whether it is a member of law enforcement or not) to enter an iPhone, but this doesn’t means that they have completely eliminated any option.
Apple will have to strength the security and privacy of their mobile devices if they want to keep their advantage over many other Android smartphones. Upgrading to the 11.4.1 version is a good start, but it still is not enough.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.