iOS 12 developer beta 4 requires device to be unlocked before connecting any USB accessori...

AppleInsider

Your iPhone's Lightning port will be even more locked down come iOS 12, which has adding an additional layer of security in the fourth developer beta.

The change in the latest beta of iOS 12 is building on USB Restricted Mode which disables the Lightning port of an iOS device one hour after last being unlocked. The Lightning port could still be used for charging, but no accessories would be able to function until unlocked.

In the fourth developer beta of iOS 12, a passcode is required any time a computer or USB accessory is connected.

Before the change, authorities or criminals would have an hour since last unlock to connect a cracking device, like the GreyKey box. Now, they don't have that hour, making it that much more difficult to brute force a password attempt into a device.

Users could, in iOS 11.4.1, manually enable USB Restricted Mode by enabling SOS after pressing the side button five times, but now that may no longer be necessary.

USB Restricted Mode recently launched with iOS 11.4.1 as a way to more thoroughly protect the data within iOS devices. Apple has made it clear that they were not creating this security measure solely to make law enforcement live's more difficult but to prohibit anyone from gaining access to a phone that isn't theirs. Any security hole exploited by law enforcement can just as easily be used by a criminal.

jbdragon

I'm seeing this with the newest version of iOS11. I have a lightning plug extension so I can plug my iPhone into my iHome Dock. I've notice that it says I have to unlock the phone to use the accessory. If I don't, my phone won't even charge up.

Mike Wuerthele

jbdragon said:

I'm seeing this with the newest version of iOS11. I have a lightning plug extension so I can plug my iPhone into my iHome Dock. I've notice that it says I have to unlock the phone to use the accessory. If I don't, my phone won't even charge up.

That's a little bit different. The iHome is using a different (and older) iOS connectivity protocol than most. This is fine, but the older protocol will require that unlock every time.

This change is for every protocol, it appears. We're still looking into it.

2oh1

I'm seeing this in the latest version of iOS 11 too, using the standard Apple lightning cable that came with my iPhone, connected directly to my late 2014 Mac Mini.

Interestingly, I didn't notice the change after I updated iOS.  Instead, I noticed it after I updated Mac OS this most recent time, though that could just be a coincidence.

Mike Wuerthele

2oh1 said:

I'm seeing this in the latest version of iOS 11 too, using the standard Apple lightning cable that came with my iPhone, connected directly to my late 2014 Mac Mini.

Interestingly, I didn't notice the change after I updated iOS.  Instead, I noticed it after I updated Mac OS this most recent time, though that could just be a coincidence.

This is probably the re-authentication of a trusted device that happens periodically, notably after an OS update. We'll add this to the testing regimen, though.

djsherly

What about CarPlay? Is that affected? Right now I plug in and the audio goes seamless from headphone to my cars head unit. Hopefully that doesn’t change. 

dewme

When I answered a phone call on my iPhone 6+ after it had been plugged into my iMac for a couple of hours I noticed the charging indicator was not turned on. Only after I unlocked my phone did the charging indicator turn on with the usual "doink" sound. So I'm not sure at this point whether charging is being inhibited by the USB Restricted Mode logic. Since I'm not sure about what's really happening I just turned OFF the USB Restricted Mode feature (by turning ON the USB Accessories setting). For the time being I'm willing to live with the risks. 

While we've all been slinging around the term "USB Restricted Mode" and mostly understand what it means, I fear that less technically savvy iPhone/IPad users are going to be completely oblivious to what the USB Accessories switch is really for. In fact, Apple's placement of a tiny text explanation for the USB Accessories setting beneath the Allow Access When Locked control group is what I'd call an "apology" for what they already know will be a source of confusion to some users. Of the seven (7) controls in the group only one warranted an on-screen apology. I guess we should be happy that none of the other controls required an apology because the UI would be more cluttered. Simplicity is a good thing in a UI model, but there are times when it paints you into a confusing little corner and you have to throw up you're hands and say "I'm sorry" and you have to bend or break the model. This is such a case.

tokyojimu

Will I have to unlock it every time I stick it in the dock in my car?

2oh1

Mike Wuerthele said:

2oh1 said:

I'm seeing this in the latest version of iOS 11 too, using the standard Apple lightning cable that came with my iPhone, connected directly to my late 2014 Mac Mini.

Interestingly, I didn't notice the change after I updated iOS.  Instead, I noticed it after I updated Mac OS this most recent time, though that could just be a coincidence.

This is probably the re-authentication of a trusted device that happens periodically, notably after an OS update. We'll add this to the testing regimen, though.

Nope.  Every time I plug my iPhone into my Mac, if it isn't unlocked, I'm getting a message that says "Unlock iPhone to use accessories."  I never got that message until recently.  I'm on the latest version of iOS 11 and Mac OS High Sierra.  I'm not using their an iOS or Mac OS beta.

radarthekat

I recall a poster here suggested exactly this in an earlier artcle about the one hour delay.  I don’t recall that poster’s name/handle, but good call.  

IreneW

I have tried looking at the docs for the beta, but cannot find any detailed information about how this is supposed to work. For most users this "feature" as well as the current restricted mode is just confusing (especially when it disallows charging, which is just dumb).

Why not just fix the underlying problem instead; that USB input could circumvent the password entry limits and delays? If the security mechanism is completely embedded in the secure enclave (as it should be), then it shouldn't matter what the source of the password is.

There is something fishy going on here, which wouldn't really bother me if it didn't result in this confusing and hard to explain behavior. Try writing a (somewhat) complete test spec for this...

airnerd

radarthekat said:

I recall a poster here suggested exactly this in an earlier artcle about the one hour delay.  I don’t recall that poster’s name/handle, but good call.  

I need to hear more details on this, but that may have been me.  I have been asking for them to add a toggle  for Control Center where I can disable any data from ever being shared over the lightning port.   Then if I'm worried about it, I disable it.  if I'm not, I enable data over lightning port.  

netmage

IreneW said:

Why not just fix the underlying problem instead; that USB input could circumvent the password entry limits and delays? 

That story was retracted - USB input doesn't allow that.
But it is an attack surface that has proven successful in the past, and fixing newly discovered vulnerabilities will be done, but prevention is a lot more secure as it protects from unknown vulnerabilities as well.