iOS 12 users must unlock their iPhones every hour to maintain USB connections

Posted:
in iOS
Apple has enhanced the USB Restricted Mode feature in the first beta of iOS 12, requiring users to unlock their iPhone once an hour to allow data transfers via the Lightning port, in an attempt to protect user data stored on iOS devices from acquisition by unlocking services employed by law enforcement officials.

Grayshift's Graykey device | Source: MalwareBytes
Grayshift's Graykey device | Source: MalwareBytes


First appearing in betas for iOS 11.3 but became more prominent in the iOS 11.4 beta, USB Restricted Mode in the latest iOS 12 beta requires the iPhone to be unlocked in order for data to be transferred through the Lightning port. According to Motherboard, the mode now prevents USB accessories from being connected if the iPhone hasn't been unlocked in the last hour.

In previous implementations, USB Restricted Mode allowed for locked iOS devices to communicate with USB accessories if the accessory was connected while the device is unlocked, and for the passcode to be entered while connected at least once a week.

The beta releases for iOS 11.4.1 and iOS 12 both have USB Restricted Mode enabled by default, but it can be disabled within the device's Settings app under Touch ID and Passcode.

The change to a one-hour limit means there is an extremely small window of opportunity for government agencies and law enforcement to use unlocking services and tools to acquire data from a device.

Firms like Cellebrite, a forensic security firm allegedly tapped to unlock an iPhone following the San Bernardino shooting, and Grayshift's GrayKey tool typically rely on having physical access to the device. As law enforcement needs to make sure the device has been unlocked within the window, it is now significantly harder to keep the iPhone in a usable state until such forensic tools can be used.

"That pretty much kills GrayKey and Cellebrite, Point3 Security director Ryan Duff advises. "If it actually does what it says and doesn't let any type of data connection happen until it's unlocked, then yes. You can't exploit the device if you can't communicate with it."

While the hour-wide window makes the unlocking process harder, there may still be a workaround. In May, security firm ElcomSoft suggested that connecting the iPhone to a paired accessory or computer while it is unlocked could extend the Restricted Mode window, while centrally-managed hardware may have the mode disabled entirely.

So far, USB Restricted Mode has appeared only in betas and not in full released versions of iOS, so its appearance in the first iOS 12 beta does not necessarily mean the security feature will be usable by the public when the mobile operating system ships.

The details of how Cellebrite and GrayKey can hack into iPhones and iPads are a closely-guarded secret, and though they could be defeated by USB Restricted Mode, it is likely the firms involved have more extreme techniques available as alternative extraction options. For example, a target device could be disassembled to allow direct access to the flash memory for copying data, with the copies then used to attack the device's password.
«1

Comments

  • Reply 1 of 22
    maestro64maestro64 Posts: 4,101member
    The cat and mouse game begins. The government is now treated like jailbreakers.

    Does this break carplay, since you could be driving more than hour and be hooked up to the car via lightning port. Imagine your driving and your navigation stopped since the lightning port just shut off.
    edited June 5 dws-2JonInAtlrepressthis
  • Reply 2 of 22
    SpamSandwichSpamSandwich Posts: 29,266member
    maestro64 said:
    The cat and mouse game begins. The government is now treated like jailbreakers.
    This is nothing new. 
    jeffharrisdws-2
  • Reply 3 of 22
    payecopayeco Posts: 118member
    maestro64 said:
    Does this break carplay, since you could be driving more than hour and be hooked up to the car via lightning port. Imagine your driving and your navigation stopped since the lightning port just shut off.
    That’s what I was curious about as well. I could see that being really annoying and causing people to turn the feature off. If so, I wonder if anyone makes some kind of adapter (Bluetooth?) that simulates a wireless CarPlay interface for vehicles without it.
  • Reply 4 of 22
    fallenjtfallenjt Posts: 3,833member
    maestro64 said:
    The cat and mouse game begins. The government is now treated like jailbreakers.

    Does this break carplay, since you could be driving more than hour and be hooked up to the car via lightning port. Imagine your driving and your navigation stopped since the lightning port just shut off.
    You have an option to turn off restriction. Would the phone recognize lightning connection and allow it while ignore the USB adapter ? I hope Apple allows this feature to be turned on remotely thru Find My iPhone.
    claire1
  • Reply 5 of 22
    dws-2dws-2 Posts: 174member
    maestro64 said:
    The cat and mouse game begins. The government is now treated like jailbreakers.

    Does this break carplay, since you could be driving more than hour and be hooked up to the car via lightning port. Imagine your driving and your navigation stopped since the lightning port just shut off.
    I suspect that a continuous connection is allowed like with carplay, but as soon as you unplugged it from the car (like at a gas station), you'd have to unlock it again before plugging it back in.
    randominternetpersonchabigjbdragonDavid H Dennis
  • Reply 6 of 22
    mknelsonmknelson Posts: 187member
    maestro64 said:
    The cat and mouse game begins. The government is now treated like jailbreakers.

    Does this break carplay, since you could be driving more than hour and be hooked up to the car via lightning port. Imagine your driving and your navigation stopped since the lightning port just shut off.
    It shouldn't be a problem in your example. My understanding is the disablement happens as a combination of there isn't a Lightning/USB connection in use AND the phone hasn't been unlocked in the past hour.
    chabigjbdragon
  • Reply 7 of 22
    SoliSoli Posts: 7,367member
    mknelson said:
    maestro64 said:
    The cat and mouse game begins. The government is now treated like jailbreakers.

    Does this break carplay, since you could be driving more than hour and be hooked up to the car via lightning port. Imagine your driving and your navigation stopped since the lightning port just shut off.
    It shouldn't be a problem in your example. My understanding is the disablement happens as a combination of there isn't a Lightning/USB connection in use AND the phone hasn't been unlocked in the past hour.
    1)  Is the connection for CarPlay considered a USB connection?

    2) It doesn't take me an hour to fill up. Perhaps if I was on the road and decided to stop for fuel and then eat at a restaurant next door I might spend more than an hour not having my iPhone plugged in.
  • Reply 8 of 22
    boltsfan17boltsfan17 Posts: 1,899member
    Soli said:
    mknelson said:
    maestro64 said:
    The cat and mouse game begins. The government is now treated like jailbreakers.

    Does this break carplay, since you could be driving more than hour and be hooked up to the car via lightning port. Imagine your driving and your navigation stopped since the lightning port just shut off.
    It shouldn't be a problem in your example. My understanding is the disablement happens as a combination of there isn't a Lightning/USB connection in use AND the phone hasn't been unlocked in the past hour.
    1)  Is the connection for CarPlay considered a USB connection?

    2) It doesn't take me an hour to fill up. Perhaps if I was on the road and decided to stop for fuel and then eat at a restaurant next door I might spend more than an hour not having my iPhone plugged in.
    I would say CarPlay is considered a USB connection. If you are using apps such as Apple Maps or TuneIn Radio, data is being transferred.
    Alex1N
  • Reply 9 of 22
    Will this affect things like lightning audio adapters? Imagine you are on a long drive and listening to an audiobook via a lightning adapter. Will you have to unlock your iPhone once an hour to keep listening? Will Apple be liable if this causes you to crash?
  • Reply 10 of 22
    sandorsandor Posts: 434member
    Will this affect things like lightning audio adapters? Imagine you are on a long drive and listening to an audiobook via a lightning adapter. Will you have to unlock your iPhone once an hour to keep listening? Will Apple be liable if this causes you to crash?

    Why wouldn't you simply pull onto the side of the road?

    That is the beauty of driving, there are parts of the road created specifically to enable non-driving tasks, so as not to endanger moving traffic & other drivers!


    jbdragonmike1racerhomie3Alex1N
  • Reply 11 of 22
    rezwitsrezwits Posts: 575member
    if the iPhone is using USB, "the clock won't start" until you disconnect. :( gees
  • Reply 12 of 22
    tjwolftjwolf Posts: 199member
    I read in another article yesterday that this option is just that - an option...as in, you'll be able to turn it off.  If so, the title of this article is misleading/incorrect.
    Alex1N
  • Reply 13 of 22
    fmalloyfmalloy Posts: 99member
    Everyone's soooooo happy!

    You want to be protected from big, bad law enforcement...while gladly and willingly handing over all your private and personal data to Google and Facebook.

    Chances of law enforcement wanting to break into your phone to get your personal data: 0.00000001%
    Chances of Facebook wanting to get your personal data: 100%

    SMH.
    Alex1N
  • Reply 14 of 22
    SoliSoli Posts: 7,367member
    fmalloy said:
    Everyone's soooooo happy!

    You want to be protected from big, bad law enforcement...while gladly and willingly handing over all your private and personal data to Google and Facebook.

    Chances of law enforcement wanting to break into your phone to get your personal data: 0.00000001%
    Chances of Facebook wanting to get your personal data: 100%

    SMH.
    Posting a picture of you on vacation ≠ handing over account passwords and other personal data that actually needs to be secured. You'd have a better argument by saying that it's all pointless since the Experian hack probably gave countless people access to all your CC data, addresses, and workplace, and spending habits, but even that would be easily shot down.

    Do you know you can easily prove your comment is full of shit? Because law enforcement wants access to devices and pays a lot of money to companies that find ways to hack into devices instead of just getting a warrant to access your data from Facebook. It's almost as if private, personal messages you send to people via the encrypted iMessage service are not part of the data they would obtain from Facebook. 🤔
    edited June 5 lostkiwiclaire1
  • Reply 15 of 22
    maestro64maestro64 Posts: 4,101member
    payeco said:
    maestro64 said:
    Does this break carplay, since you could be driving more than hour and be hooked up to the car via lightning port. Imagine your driving and your navigation stopped since the lightning port just shut off.
    That’s what I was curious about as well. I could see that being really annoying and causing people to turn the feature off. If so, I wonder if anyone makes some kind of adapter (Bluetooth?) that simulates a wireless CarPlay interface for vehicles without it.

    There is Bluetooth carplay, but it is not widely supports, I think there is only one or two aftermarket head units which support this.
  • Reply 16 of 22
    maestro64maestro64 Posts: 4,101member
    dws-2 said:
    maestro64 said:
    The cat and mouse game begins. The government is now treated like jailbreakers.

    Does this break carplay, since you could be driving more than hour and be hooked up to the car via lightning port. Imagine your driving and your navigation stopped since the lightning port just shut off.
    I suspect that a continuous connection is allowed like with carplay, but as soon as you unplugged it from the car (like at a gas station), you'd have to unlock it again before plugging it back in.
    Actual, the box that hack the phone is a continuous USB connection and this is what Apple will be monitoring for and if you USB connection is active for an hour and has not been unlocked by you it will disable the ports. The reason this is important, it disrupts the hacking to unlock phone, it is using brute forces attack going through all the possibilities if it has to be restarted every hours the process is going to take alot longer.
  • Reply 17 of 22
    SoliSoli Posts: 7,367member
    maestro64 said:
    payeco said:
    maestro64 said:
    Does this break carplay, since you could be driving more than hour and be hooked up to the car via lightning port. Imagine your driving and your navigation stopped since the lightning port just shut off.
    That’s what I was curious about as well. I could see that being really annoying and causing people to turn the feature off. If so, I wonder if anyone makes some kind of adapter (Bluetooth?) that simulates a wireless CarPlay interface for vehicles without it.
    There is Bluetooth carplay, but it is not widely supports, I think there is only one or two aftermarket head units which support this.
    As I understand it, it uses to BT to quickly connect, but then WiFi for the actual data transmission since sending all that UI data to and from the iPhone is a lot more than BT can handle. I'm not sure if it's specifically the Bluetooth High-Speed protocols at play or something unique to Apple, but I'm assuming the former.
  • Reply 18 of 22
    gnnonignnoni Posts: 20member
    "... in an attempt to protect user data stored on iOS devices from acquisition by unlocking services employed by law enforcement officials." ...or criminals Computer security used to be relevant formerly
  • Reply 19 of 22
    pmb01pmb01 Posts: 12member
    For those asking, CarPlay isn't just a simple USB connection so it won't be affected by this. I'm still surprised Apple hasn't acquired one of these devices and reverse-engineered it to figure out how they're breaking in. Or maybe they have and the method to stop it would prevent a key feature from working.
  • Reply 20 of 22
    claire1claire1 Posts: 100unconfirmed, member
    so can an iPhone running iOS 11.2 be opened without the passcode?
Sign In or Register to comment.