Apple’s latest version of iOS, released yesterday, includes USB Restricted Mode, a security measure that seems designed to prevent unwanted decryption of iPhones by both bad actors and law enforcement using passcode cracking tools.
Apple’s latest version of iOS, released yesterday, includes USB Restricted Mode, a security measure that seems designed to prevent unwanted decryption of iPhones by both bad actors and law enforcement using passcode cracking tools.
But a team of researchers claim they have found a loophole. While that may be good news for law enforcement, it’s bad news for everyone else.
Apple’s new security measure is designed to disable the Lightning port’s data connection either one hour after your iPhone’s last unlocking or one hour after it has been disconnected from a trusted USB device. Security firm Elcomsoft, however, claims it has found a peculiar “workaround” when it comes to Apple’s time limit. While a Lightning to 3.5mm jack dongle won’t work, other dongles, including Apple’s own Lightning to USB 3 Camera Adapter, can allegedly reset the one-hour limit, possibly buying time for someone looking to break into a device.
ElcomSoft’s Oleg Afonin says the issue might be in how the Lightning port communicates with devices.
The researchers say finding a solution might be complicated, thanks to the sheer number of dongles and accessories that can’t be updated to prevent the apparent loophole from being exploited. One solution might involve iOS keeping a record of previously connected devices, according to Afonin.
ElcomSoft says USB Restricted Mode works as intended when enabled, and the firm’s strategy of using USB accessories will only work “if the iPhone has still not entered USB Restricted Mode.” Gizmodo has reached out to Apple for more information and will update the story accordingly.
[ The Verge]
