Grayshift claims it defeated Apple's forthcoming 'USB Restricted Mode' security feature

Posted in iPhone, edited July 2018
Grayshift, the digital forensics firm that markets the GrayKey iPhone unlocking tool, says it already has a workaround for Apple's upcoming "USB Restricted Mode," an iOS 12 security feature that effectively disables hardwired USB data connections in a bid to protect user information.

Grayshift's GrayKey device | Source: MalwareBytes

On Wednesday, Apple confirmed USB Restricted Mode will be introduced to consumers in a future version of iOS.

The feature, which has been in testing since iOS 11.3 but is enabled by default in the first iOS 12 beta seed, affords a high level of protection from external brute force attacks by cutting off data connections with USB accessories after a predetermined time period.

Initially, USB Restricted Mode required accessories to be connected to an unlocked device, or prompted users to enter their device passcode, at least once per week. Under current operating protocols, however, that window of opportunity has been reduced to an hour.

In other words, when the feature is active, a passcode is required when attempting to transfer data to or from a USB accessory connected to an iPhone that has not been unlocked within the prescribed one-hour time limit.

For law enforcement agencies relying on iPhone unlocking solutions like Grayshift's GrayKey, USB Restricted Mode poses a significant hurdle to accessing a target device. Officials only have an hour to secure a warrant to access the device, attach the USB-based GrayKey tool and perform a brute force attack.

However, according to email correspondence between Grayshift and an unnamed forensics expert seen by Motherboard, the forensics firm has seemingly found a workaround to Apple's solution.

"Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build," the email reads. "Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on."

Exactly how the company managed to defeat the USB lockdown is unclear. Further details of the supposed workaround are unavailable, though a second person responding to the original email noted Grayshift "addressed" USB Restricted Mode in a recent webinar. Whether that session outlined a successful exploit is also unclear.

Other digital forensics firms are working on similar workarounds. ElcomSoft in May suggested it might be possible to extend USB Restricted Mode's window beyond the hour-long restriction by connecting an iPhone to a paired accessory or computer while it is unlocked. The company added that dedicated hardware could potentially disable the feature completely.

For its part, Apple says the feature is designed to protect its customers from hackers and other ne'er-do-wells, not to stymie legitimate law enforcement investigations.

"We're constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data," Apple said in a statement provided to AppleInsider. "We have the greatest respect for law enforcement, and we don't design our security improvements to frustrate their efforts to do their jobs."

The feature is, however, useful in preventing unwarranted government access in countries that do not afford consumers the same protections as U.S. laws.

Comments

  • Reply 1 of 42
    dws-2 Posts: 238 member
    Back and forth. Nothing is secure, but some things are more difficult/costly/time-consuming to hack.

    One of my friends is a city prosecutor, and Android-based phones are no problem to get into, but iPhones are much more difficult.
  • Reply 2 of 42
    lkrupp Posts: 7,304 member
    Who knows but one thing is true. Apple can only go so far with security before it starts to affect usability and the customer experience. If you lock something down too tight it becomes too difficult to use.
  • Reply 3 of 42
    roake Posts: 663 member
    “We defeated the USB lock!”

    Next day...

    AppleInsider reports a new iOS 12 beta release that further tightens USB lock security features, rendering Grayshift’s workaround worthless.
    edited June 2018
  • Reply 4 of 42
    optik Posts: 25 member
    I think one would be wise to let the user decide
    How difficult it will be to use if such features can be enabled 🙄
  • Reply 5 of 42
    k2kw Posts: 1,802 member
    lkrupp said:
    Who knows but one thing is true. Apple can only go so far with security before it starts to affect usability and the customer experience. If you lock something down too tight it becomes too difficult to use.
    Apple should worry about poking the Bear. Never know when ill will can cause problems or turn into a media disaster.
  • Reply 6 of 42
    eightzero Posts: 2,483 member


    Exactly how the company managed to defeat the USB lockdown is unclear. Further details of the supposed workaround are unavailable, though a second person responding to the original email noted Grayshift "addressed" USB Restricted Mode in a recent webinar. Whether that session outlined a successful exploit is also unclear.


    If their claim of "defeat" requires that it be plugged into something before the 1 hour expires, that is not a defeat, and they are simply lying.
  • Reply 7 of 42
    zebra Posts: 35 member
    As a user, I want to be able to lock out my phone based on a simple principle. I have nothing to hide from anyone except to those who would use the banal information on my iPhone to harm me or those I know. That includes any government agency that would grab my phone because of my political affiliation. Look what happened to Cohen! If they can confiscate his clients' files and search for some wrongdoing because of his connections, they can do it to any of us. I don't trust some "government" in America any more than common hackers.
  • Reply 8 of 42
    Soli Posts: 9,259 member
    lkrupp said:
    Who knows but one thing is true. Apple can only go so far with security before it starts to affect usability and the customer experience. If you lock something down too tight it becomes too difficult to use.
    While security traditionally comes at the cost of user convenience, it's not always the case, which is something Apple has proven with their biometrics. I see no reason why Apple can't advance their ML to know that a device isn't being unlocked via USB in a normal location (e.g.: a geo-fence location and/or WiFi network á la your home, which could mean requiring the passcode immediately even if it's a known computer), considering if the gyro and accelerometer are not moving enough (e.g.: like if it's placed flat on table while attempting to be unlocked repeatedly), and/or characters to unlock the device being entered with precise, digital timing like a machine—because it is—instead of like a human moving their fingers to press characters which would take a variable amount of time depending on the character distance and the user's personal typing pattern  (see Google's reCAPTCHA for a simplified example of how that might work to detect whether a human is involved).

    And those are three things off the top of my head. Add in there the potential for new Apple silicon that will act as an extra layer of security between the system that will keep track of these actions even when the core system is reset in a way that keeps GrayKey's reset mechanism from wiping the device, and I think Apple can end up making it increasingly harder for hackers without causing the user any additional effort.


    PS: Regardless, I'd use Apple's full keyboard instead of just a 6-digit PIN to access my device. With their American English keyboard you have nearly 2 billion combinations with just 4 characters if you employ their very special characters (á la long press on a key). If and when Emoji are ever allowed the palette opens up to around a BASE-1000 system and may even be easier for people to remember since ideograms can be more relatable to an individual than individual characters.
    edited June 2018
  • Reply 9 of 42
    rob53 Posts: 2,084 member
    I continue to wonder why companies like GrayKey aren’t treated like hackers and arrested. Unless the NSA is fronting them, they are common criminals, not a police force, and should be treated as such.
  • Reply 10 of 42
    fastasleep Posts: 3,161 member
    lkrupp said:
    Who knows but one thing is true. Apple can only go so far with security before it starts to affect usability and the customer experience. If you lock something down too tight it becomes too difficult to use.
    Nice FUD. Apple also has a pretty decent track record of not doing this.
  • Reply 11 of 42
    fastasleep Posts: 3,161 member

    zebra said:
    As a user, I want to to be able to lock out my phone based on a simple principle. I have nothing to hide from anyone except to those who would use the banal information on my iPhone to harm me or those I know. That includes any government agency that would grab my phone because of my political affiliation. Look what happened to Cohen! If they can confiscate his clients' files and search for some wrongdoing because of his connections, they can do it to any of us. I don't trust some "government" in America any more than common hackers.
    Cohen's the target of a major criminal investigation, and they had a warrant that was signed by a federal judge which indicates they're not searching for wrongdoing retroactively, and certainly not collecting "banal" information. Anyone the target of a state-sponsored investigation probably has a bit more to worry about than what is stored on their iPhone.
  • Reply 12 of 42
    fastasleep Posts: 3,161 member

    rob53 said:
    I continue to wonder why companies like GrayKey aren’t treated like hackers and arrested. Unless the NSA is fronting them, they are common criminals, not a police force, and should be treated as such.
    What law did they break?
  • Reply 13 of 42
    lkrupp said:
    Who knows but one thing is true. Apple can only go so far with security before it starts to affect usability and the customer experience. If you lock something down too tight it becomes too difficult to use.
    Nice FUD. Apple also has a pretty decent track record of not doing this.
    Actually he's right if you take into consideration how many people turn on 2 factor authentication and then complain that when they did that, they didn't put down the right recovery email, the right trusted phone number and lost their recovery key.  

    They blame Apple when it's their own damned fault!

  • Reply 14 of 42
    Soli Posts: 9,259 member
    lkrupp said:
    Who knows but one thing is true. Apple can only go so far with security before it starts to affect usability and the customer experience. If you lock something down too tight it becomes too difficult to use.
    Nice FUD. Apple also has a pretty decent track record of not doing this.
    Actually he's right if you take into consideration how many people turn on 2 factor authentication and then complain that when they did that, they didn't put down the right recovery email, the right trusted phone number and lost their recovery key.  

    They blame Apple when it's their own damned fault!
    lkrupp's comment makes no allowance for back-end advances in security when he says Apple can only go so far before it starts to affect the user. He doesn't consider that Face ID and Touch ID only exist because of the advancements in the iPhone, which include new tech as well as performance, as we've seen with Touch ID getting faster with the 2nd gen tech (not just with SW updates). This means his comment is false unless you want to draw connections that a faster performing device means a user needs to update their device, which costs money for the user as well as Apple in R&D costs which are passed onto the user, but I think that's getting ridiculous.

    Also keep in mind that fastasleep didn't claim that Apple has a flawless track record. I'd argue that him saying it's decent isn't giving Apple enough credit because security includes encrypting the drive, keeping 3rd-party apps out of your data, using randomized MAC addresses, end-to-end encryption for iMessages, and even keeping websites from tracking you. These are security features that aren't thought about much because they're not front-facing. Hell, I probably wouldn't even have brought them up for this post had it not been for WWDC being so recent, so I'd say that compared to their competitors Apple's track record in iPhone security is excellent.
    edited June 2018
  • Reply 15 of 42
    cmd-z Posts: 57 member

    Let the one-upsmanship continue ...
  • Reply 16 of 42
    Given the prevalence of Wireless Earphones and Charging, if I was truly up to something I would simply fill the Lightning Port with glue and remove the ability to use USB Mode for anything with the phone.

    Of course that wouldn't stop them cracking open the unit and patching in on the circuit board side, but they are having to invest quite a bit of effort to get started at that point.

  • Reply 17 of 42
    foggyhill Posts: 4,767 member
    Apple is early enough in beta to shut their fracking mouths quite soon.
    Also, their whole schtick depends on the user being a moron with a short stupid password; a user using Face ID or Touch ID doesn't need that, and a real hardened criminal that has something on their phone won't use that either.

    So, those systems are mostly used against low grade idiot criminals, the fodder of any private prison system... A good source of income. Does it have any substantive impact on crime... None... But, who cares, enforcement want their cool toys and they want to roughen up some poor clueless dweeb.
    edited June 2018
  • Reply 18 of 42
    fastasleep Posts: 3,161 member
    lkrupp said:
    Who knows but one thing is true. Apple can only go so far with security before it starts to affect usability and the customer experience. If you lock something down too tight it becomes too difficult to use.
    Nice FUD. Apple also has a pretty decent track record of not doing this.
    Actually he's right if you take into consideration how many people turn on 2 factor authentication and then complain that when they did that, they didn't put down the right recovery email, the right trusted phone number and lost their recovery key.  

    They blame Apple when it's their own damned fault!

    Using 2FA with Trusted Devices could almost not be any easier than it is. The rest of your premise is a scenario entirely dependent on a complete failure to do anything correctly on the part of the user.

    Soli said:
    lkrupp said:
    Who knows but one thing is true. Apple can only go so far with security before it starts to affect usability and the customer experience. If you lock something down too tight it becomes too difficult to use.
    Nice FUD. Apple also has a pretty decent track record of not doing this.
    Actually he's right if you take into consideration how many people turn on 2 factor authentication and then complain that when they did that, they didn't put down the right recovery email, the right trusted phone number and lost their recovery key.  

    They blame Apple when it's their own damned fault!
    lkrupp's comment makes no allowance for back-end advances in security when he says Apple can only go so far before it starts to affect the user. He doesn't consider that Face ID and Touch ID only exist because of the advancements in the iPhone, which include new tech as well as performance, as we've seen with Touch ID getting faster with the 2nd gen tech (not just with SW updates). This means his comment is false unless you want to draw connections that a faster performing device means a user needs to update their device, which costs money, which also costs Apple in R&D which is passed on to the user, but I think that's getting ridiculous.

    Also keep in mind that fastasleep didn't claim that Apple has a flawless track record. I'd argue that him saying it's decent isn't giving Apple enough credit because security includes encrypting the drive, keeping 3rd-party apps out of your data, using randomized MAC addresses, end-to-end encryption for iMessages, and even keeping websites from tracking you. These are security features and they aren't thought of much because they're not front facing. Hell, I probably wouldn't even have brought them up for this post had it not been for WWDC being so recent, so I'd say that compared to their competitors Apple's track record in iPhone security is excellent.
    "Decent" was intentionally nerfed as what I had originally typed might've be misconstrued as Apple fanboy hyperbole. :) I agree with all of your points here.
  • Reply 19 of 42
    mac_dog Posts: 703 member
    k2kw said:
    lkrupp said:
    Who knows but one thing is true. Apple can only go so far with security before it starts to affect usability and the customer experience. If you lock something down too tight it becomes too difficult to use.
    Apple should worry about poking the Bear. Never know when ill will can cause problems or turn into a media disaster.
    Fuck the bear! It’s attitudes like that that give more power to “the bear”. They fucking work for us! Not the other way around!
  • Reply 20 of 42
    MacPro Posts: 18,367 member
    lkrupp said:
    Who knows but one thing is true. Apple can only go so far with security before it starts to affect usability and the customer experience. If you lock something down too tight it becomes too difficult to use.
    Nice FUD. Apple also has a pretty decent track record of not doing this.
    Actually he's right if you take into consideration how many people turn on 2 factor authentication and then complain that when they did that, they didn't put down the right recovery email, the right trusted phone number and lost their recovery key.  

    They blame Apple when it's their own damned fault!

    Just like when morons that give their Apple ID and password to phishing sites then scream (along with the tabloid press) 'Apple has been hacked' when their nude pictures are all over the internet. There is ultimately no cure for idiocy; what worries me is they can vote!