Why it matters: Apple released version 11.4.1 of iOS yesterday and with it came the new feature called “USB Restricted Mode” that we first reported on back in May. The security measure turns off the data transfer capabilities of the Lightning port if the phone has been locked for more than an hour.
Apple added Restricted Mode as a countermeasure against physical cracking devices such as GrayKey (which has been used by law enforcement) that exploit a USB connection to unlock the phone. Unfortunately, a security firm has already found a loophole to get around the feature.
According to researchers at ElcomSoft, if a USB accessory is plugged into the phone before the one-hour time limit has elapsed, it will reset the counter. Furthermore, the device does not even have to have ever been used with the phone before.
The firm says the exploit works with any number of readily available accessories. It even successfully used a $38 Lightning to USB3 camera adapter manufactured by Apple to reset the timer. It is still performing more tests using various connectors, but so far the only thing they have found that does not work is the Lightning to 3.5mm adaptor ($9).
The concern with the security hole is that attackers could exploit it to buy themselves enough time to transport the phone to a place where it can be cracked. ElcomSoft’s Oleg Afonin used law enforcement as an example.
“Once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour,” he said.
Of course, the exploit requires that the attacker gain physical access to the phone within one hour of the last time it was unlocked, but according to Afonin, this is not much of a problem.
“What are the chances that the device is seized within an hour after last unlock? Quite high,” he says. “We were not able to find recent stats, but even two years ago an average user unlocked their iPhone at least 80 times a day.”
It is unclear if this is an issue that Apple can fix with a patch. When considering whether developers could rectify the problem in subsequent versions of iOS, Afonin states, “It seems highly unlikely simply because of the humongous amount of MFi devices that aren’t designed to support such a change. Theoretically, iOS could remember which devices were connected to the iPhone, and only allow those accessories to establish connectivity without requiring an unlock – but that’s about all we can think of.”
We will have to wait and see how Apple responds to the situation.