Tuesday, 10 July 2018 10:45

Researcher outlines way past new iOS restriction


A feature in version 11.4.1 of iOS — known as USB Restricted Mode — will disable the Lightning port an hour after the device was last unlocked, but it can be bypassed for now, a researcher claims. The new version has just been released.

Oleg Afonin, of the desktop and mobile forensic tools maker Elcomsoft, wrote that the new feature disabled data connectivity of the Lightning connector an hour after the device was last unlocked or an hour after it was disconnected from a trusted USB accessory.

The USB port could also be disabled manually. The new feature has been widely said to be aimed at companies like GrayShift and Cellebrite which make devices that can discover the passcodes of iPhones.

Focus on the iPhone's security has grown after the FBI had a stoush with Apple in 2016 over gaining access to a device used by a terrorist to kill people in San Bernardino, California, in December 2015.

The agency subsequently gained access to the device through the services of a private firm known as Cellebrite. More recently, another company, GrayShift, has been reported to be selling devices to unlock the latest iPhones.

Afonin said several tests had shown that USB Restricted Mode, once engaged, did not disappear due to reboots or a software restore.

He said there was a good chance that a device would be seized within an hour after being last unlocked as statistics had shown that iPhone users unlocked their phones at least 80 times a day.

According to Apple, users may have to unlock their passcode-protected iOS devices in order to connect them to a PC, Mac or a USB accessory once an hour has passed since the device was last unlocked or disconnected from a trusted USB accessory or computer.

But Afonin said he had found that iOS would reset the USB Restricted Mode timer if the device was connected to an untrusted USB accessory.

"In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode," he wrote.

He listed the following steps for preventing USB Restricted Mode from being engaged:

  • Connect the iPhone to a compatible Lightning accessory (such as the official Lightning to USB 3 Camera Adapter).
  • Plug an external battery pack into the adapter (to avoid iPhone battery drain).
  • Place the entire assembly in a Faraday bag.

"According to our tests, this effectively disables USB Restricted Mode countdown timer, and allows safely transporting the seized device to the lab," Afonin said.

"If you get a message that the device should be unlocked in order to use the accessory (when you connect it), then USB restricted mode has been activated already, and there is nothing you can do about that, sorry."

But he said it was only a matter of time until Apple released an update to prevent these workarounds.

"The ability to postpone USB Restricted Mode by connecting the iPhone to an untrusted USB accessory is probably nothing more than an oversight. We don’t know if this behaviour is here to stay, or if Apple will change it in (the) near future."

Afonin has been following the development of USB Restricted Mode in iOS and has written two posts in May and June about the feature.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


