Being the tech-leader, Apple is not as prone to vulnerabilities as other OS; but claiming that the iOS has no viruses, would be an overstatement. Even the first virus—Elk Cloner—affected this so-called impervious Apple rather than any other machine. We have been witnessing how Apple is practicing measures to protect its users, one of the newest addition is the USB restricted mode; that toyed up back in May, and finally included in the latest version iOS 11.4.1 beta. The new mechanism blocks the passcode cracking tools favored by law enforcement, rendering the accessibility to any third-party software after the screen locked for an hour.
Recently, the emergence of devices like the GrayBox, allowing third parties to gather data from your iPhone through the Lightning port without unlocking your device beforehand. Although these devices are ostensibly designed for law enforcement, but still taking security-hole advantage and could exploit anyone theoretically. Thanks to Apple for shouldering the responsibility to plug this particular hole, despite the protestations of law enforcement.
What Is USB Restricted Mode?
The USB Restricted Mode first appeared in iOS 11.3 beta. The idea behind USB Restricted Mode is ingenious, directly targeting passcode cracking solutions developed by Cellerbrite and GrayShift. Initially, the feature was not user-configurable, but it could be disabled via corporate policies and device management solutions, but now it’s configurable; scroll down and configure.
Restricted mode disables USB access after the phone has been locked for one hour. This new mode buried under your passcode settings, adding additional security to your iOS device, here’s how to toggle;
- Go to Settings.
- Tap Face ID & Passcode or Touch ID & Passcode.
- Enter your passcode here.
- Toggle next to USB Accessories under Allow Access When Locked If it’s in the green “on” position. Don’t worry! USB devices will have the same level of accessibility that they’ve previously.
As the feature kicks in, zero data will be communicated over the USB port once this feature kicks in; transmitting no information but charges off the computer’s USB port.
Do you know? Companies behind devices like the GrayBox have already said that they can beat this new USB Restricted Mode; let’s wait and see whether that’s true or not, and what Apple will do to respond.
The Not So Good Aspects Of USB Restricted Mode
Technology never pops without a workaround or counter-effects; cybersecurity researchers have found a loophole that resets the one-hour counter as you plug a USB accessory into the iPhone’s Lightning port, regardless of whether the connected accessory is known to you phone or not.
While performing tests, a researcher Oleg Afonin confirmed that USB Restricted Mode persists software can be restored via Recovery mode and maintained through reboots. In other words, there’s no obvious way to break USB Restricted Mode once it is engaged.
But hold on! iOS resets the USB Restrictive Mode countdown timer to any an untrusted USB accessory, one that has never been paired or connected. So, whenever the police seize an iPhone, he or she would immediately connect that iPhone to a compatible USB accessory and that prevent USB Restricted Mode from activating.
Even Apple’s own Lightning USB 3 Camera adapter, that easily resets the restricted mode; other cheap third party ones, are under observation, let’s see their counter ability. This seems not a severe vulnerability and nothing more than an oversight. It means that law enforcement if they feel like or want to go through the effort, they can design systems to bypass this tool.
Anyways, USB Restricted Mode Is Not The Only Option To Get Protected?
Internet Communications are going dark with every new yet destructive cyber policies, even the U.S. spy and law enforcement agencies have started complaining that their cyber world is being controlled and restricted. Thanks to the growing use of technologies with end-to-end encryption, like VPN services to prevent being snooped; even the companies are employing VPN services from intercepting their sensitive data.
Privacy is a right, and any backdoor discovered or abused by malicious entities, even by well-meaning ones, – FBI and NSA mass surveillance- won’t be acceptable in any situation. Get the speedy VPN and forget being spied.
This article is contributed by a guest writer.
Zubair Khan – a foodie by choice and tech enthusiast by profession. He loves to get his hands into modern technology trends and share the knowledge with everyone. He is currently working fulltime for ReviewsDir as a Digital Marketing Executive. Aside of the work life, Zubair loves to travel new places and explore nature, food is still his first love though!