“Ahh-ha!” you think to yourself. “Apple has finally made it impossible for the police to see what’s on my confiscated iPhone.”
Not quite.
Apple dropped iOS 11.4.1 today, which you should absolutely go install with the big caveat that iOS 11.4 — if you haven’t upgraded already — might cause some unintended battery issues with your device.
The big change in this relatively minor update is the inclusion of Apple’s new USB Restricted mode, which supposedly makes it a lot more difficult for someone to brute-force their way into your device or make use of any other clever exploit, deployed via an iPhone or iPad’s Lightning port, to get past your device’s passcode.
USB Restricted Mode is enabled by default once you install iOS 11.4.1, even though Apple has made the wording a little tricky.
If you hit up the Settings app, tap on Touch ID or (Face ID) & Passcode, authenticate in, scroll down, and look for the “USB Accessories” option, it’s disabled. That’s what you want, though. That means that your iPhone or iPad won’t allow USB devices to connect after your device has been locked for an hour.
Flip it on, and you’re turning off USB Restricted Mode — any physically connected USB devices will be able to access your phone. So, when you get pulled over and arrested, the police will be able to break into your device using their fancy tools.
Or, rather, as Apple puts it, USB Restricted Mode gives you more safety against hackers and such, because that was the reason for the feature’s creation. Mm-hmm.
Apple’s support page notes that you might need to unlock your iPhone or iPad in order for a connected USB accessory to work. That includes accessories that power your iPhone or iPad:
Starting with iOS 11.4.1, if you use USB accessories with your iPhone, iPad, or iPod touch, or if you connect your device to a Mac or PC, you might need to unlock your device for it to recognise and use the accessory. Your accessory then remains connected, even if your device is subsequently locked.
If you don’t first unlock your password-protected iOS device — or you haven’t unlocked and connected it to a USB accessory within the past hour — your iOS device won’t communicate with the accessory or computer, and in some cases, it might not charge. You might also see an alert asking you to unlock your device to use accessories.
What Apple doesn’t mention — and we wonder if there will soon be an iOS 11.4.2 to correct this — is that apparently it isn’t that difficult to bypass USB Restricted Mode in some instances.
If it’s enabled on a device and the hour time limit has passed, a third party won’t be able to connect some magical device and break into your iPhone or iPad. However, if someone confiscates your device and plugs in the right USB accessories, they can actually prevent this one-hour countdown from happening.
As Elcomsoft’s Oleg Afonin describes:
What we discovered is that iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before (well, in fact the accessories do not require pairing at all). In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.
Our advice? If you’re up to no good and you’re about to get caught, try thinking of a more creative approach for concealing your smartphone’s contents. Or, better yet, don’t use your brand-new iPhone X to run your crime syndicate.
Comments