Mere hours after the release of Apple’s iOS 11.4.1 update, which offers a “USB Restricted Mode” designed to prevent access to the device by third-party methods, security researchers claim they’ve discovered an easy workaround to prevent the new feature from working as intended.
USB Restricted Mode deactivates the ability to transfer data via the devices Lightning port after the device has been locked for an hour, allowing only charging through the port.
This prevents the use of hacking techniques used by law enforcement and criminals, such as the GreyKey unlocking box hardware/software combination offered by digital forensics firm Grayshift.
However, ElcomSoft researchers say by simply connecting an accessory, like Apple’s $39 Apple’s Lightning to USB 3 Camera adapter to the device before the one hour countdown is over resets the countdown. Even untrusted accessories that have never been used with the iPhone can be used to rest the countdown.
The firm is testing other adapters, including unofficial third-party adapters, to see if they can also be used to extend the one-hour countdown.
Once the USB Restricted Mode activates, the USB procedure will not work. ElcomSoft says a successful lockout can be “maintained through reboots, and persists software restores via Recovery mode. In other words, we have found no obvious way to break USB Restricted Mode once it is already engaged.”
In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.
ElcomSoft security researcher Oleg Afonin says the USB Restricted Mode loophole could be due to an oversight on Apple’s part, and could be fixed in an upcoming iOS update. Currently, the workaround works with both iOS 11.4.1 and the latest iOS 12 beta.
