Here’s How Law Enforcement can Work Around USB Restricted Mode

Apple added a new feature in iOS 11.4.1 called USB Restricted Mode to block anyone from using the Lightning port to hack into your iPhone or iPad. Now a security researcher says it’s stunningly easy to work around by simply plugging a dongle into the port.

It’s surprisingly easy to work around USB Restricted Mode

USB Restricted Mode is designed to block iPhones and iPads from connecting to computers and other devices if they haven’t been unlocked or connected to a trusted accessory for more than an hour. The idea is that if your device is stolen or confiscated, there’s no more than 60 minutes before the device locks down the Lightning port so no data can pass through.

Elcomsoft’s Oleg Afonin says,

What we discovered is that iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before (well, in fact the accessories do not require pairing at all). In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.

This trick works only if it’s been less than an hour since the iPhone or iPad was last unlocked or connected to a trusted device. If USB Restricted Mode has already kicked in, the device’s Lightning port will be locked and the dongle workaround won’t work.

Since USB Restricted Mode is a software feature, there’s a chance Apple can address the workaround with a code patch. Until then, the security feature is nice, but not foolproof.

Lee Dronick

Has this been verified by other researchers?

geoduck

Okay but in the real world, let’s say the San B shooter a while back, it will be way over an hour before the police even find the phone, let alone pair it with something, that is if they have something to pair it with. This is a very limited workaround/vulnerability.