08 May New Security Measure in iOS 11.4 Beta Disables USB Communication After 7 Days With No Unlock
Apple is testing a new security measure in iOS 11.4 beta that would limit the window of opportunity for hacking devices such as the GrayKey box, reports ElcomSoft.
The software update is expected to launch a new ‘USB Restricted Mode’ that disables USB communication via the Lightning port seven days after a device was last unlocked. The feature first appeared in the iOS 11.3 beta but was removed before its final release.
This is how it works:
“To improve security, for a locked iOS device to communicate with USB accessories you must connect an accessory via lightning connector to the device while unlocked – or enter your device passcode while connected – at least once a week.”
At this point, it is still unclear whether the USB port is blocked if the device has not been unlocked with a passcode for 7 consecutive days; if the device has not been unlocked at all (password or biometrics); or if the device has not been unlocked or connected to a trusted USB device or computer. In our test, we were able to confirm the USB lock after the device has been left idle for 7 days. During this period, we have not tried to unlock the device with Touch ID or connect it to a paired USB device. What we do know, however, is that after the 7 days the Lightning port is only good for charging.
When in Restricted USB Mode, an iPhone or iPad will still charge but will no longer attempt a data connection. Even the “Trust this computer?” prompt is not displayed when connected to a computer and lockdown records are not honored.
This gives law enforcement and other hackers at most seven days from the time a device was last unlocked to attempt a passcode crack via a GrayKey box or similar.
Elcomsoft also notes that before iOS 11, lockdown records (used by your computer to create a new local backup) could be used to access information about a device and initiate a backup sequence without a passcode.
In addition to iTunes-style backups, the lockdown record could be used for pulling media files (pictures and videos), list installed apps, and access general information about the device. Once created, the lockdown records would not expire; however, if you power-cycle or reboot the iPhone, even a valid lockdown record will be of little use until you unlock the device with a passcode because of full-disk encryption.
iOS 11.3 has now limited the lifespan of lockdown records to seven days.
ElcomSoft concludes, “In response to the latest developments, Apple made an attempt to prevent device exploitation. USB Restricted Mode effectively disables the iPhone or iPad Lightning ports after 7 days without an unlock. While this undoubtedly strengthens overall security of iOS devices, effectively disabling logical acquisition through lockdown records after 7 days the device has been in storage, its effect on passcode unlocking techniques developed by Cellerbrite and GreyShift is yet to be seen.”