By now almost everybody has heard of the company GrayShift and its iPhone cracking device called GrayKey. It is a small box that law enforcement can physically attach to an iPhone to unlock it. GrayKey is meant to be used exclusively by the authorities, and GrayShift takes precautions to be sure it only winds up in the proper hands (one being the $30,000-60,000 price tag). However, as we pointed out in March, law enforcement tools do not always remain in the right hands, as was seen with the IP-Box 2 several years back.
The mere fact that there exists a physical means of unlocking an iPhone is concern enough for Apple to want to take precautions. Malicious parties could just as easily use the same vulnerabilities being exploited by GrayShift. The upcoming update to iOS is looking to address those concerns with a feature called USB Restricted Mode.
According to iOS developer documentation, the new security measure puts a one-week time limit on the iPhone’s Lightning port. If the device has not been unlocked with the passcode or been connected to a paired computer for a week or more, the port can only be used to charge the phone. Data transfer from the phone via USB will not be possible without inputting the passcode.
“To improve security, for a locked iOS device to communicate with USB accessories you must connect an accessory via lightning connector to the device while unlocked – or enter your device passcode while connected – at least once a week.”
What this means is that anyone, including law enforcement, who is trying to unlock the phone via a physical connection such as GrayKey will have at most one week to get the job done. This limitation may be enough to thwart cracking attempts on a six-digit passcode. While GrayKey has been observed to crack simple codes in as little as two hours, longer passwords can take three or more days to break.
According to Elcomsoft, the feature was first tried out during the iOS 11.3 beta but didn’t make the final cut. Version 11.4 is currently in beta, and the function is present, but that does not guarantee that it is ready for full implementation. It may get benched again if it causes any unforeseen issues.
USB Restricted Mode seems to provide a workaround for Apple against exploits in iOS that are not being disclosed to it by GrayShift. This feature, along with the expiration dates on lockdown pairing records introduced in iOS 11.3, shows that Apple is aware of and working on solutions to physical cracking threats.