How to use Apple's latest 'USB Restricted Mode' security feature included in iOS 11.4.1

Posted in iOS, edited July 2018
Tucked away within the latest iOS 11.4.1 update, Apple included a new security feature that has been making headlines -- USB Restricted Mode. AppleInsider walks you through the new feature, how it works, and discusses if it really is that secure.






USB Restricted mode works like this -- one hour after an iPhone, iPad, or iPod Touch was last locked, the device disables the Lightning port for everything except charging. If something is plugged into the Lightning port after USB Restricted mode has been enabled, it will not function unless the device is unlocked again.

iPhone Lightning Port


Apple says this is intended to help prevent unauthorized access to your data by disallowing access when you haven't recently used the device. While not necessarily the primary target, this includes blocking devices like the GrayKey box used by law enforcement to brute force your passcode. Any vulnerability used by law enforcement can be exploited by criminals, which is why Apple has been so steadfast in its priority to lock down your data.

How to enable it

After you install iOS 11.4.1 on your device, USB Restricted mode is enabled by default.

USB Restricted Mode


To find the toggle yourself, open the Settings app on your device. Find Face ID & Passcode (or Touch ID & Passcode depending on your model). Enter your passcode, and scroll to the bottom of the page to find the USB Accessories toggle under "Allow access when locked".

When USB Restricted mode is enabled, this toggle should be off and to the left. This means that USB accessories do not have access when your phone is locked.

Now, one hour after it was last locked, the Lightning port will become charge-only.
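Added example, not from the article or from Apple: on supervised devices the same setting can also be controlled by a configuration profile through the Restrictions payload key `allowUSBRestrictedMode` (false keeps USB accessories available while locked), so a fleet audit should flag profiles that switch the protection off. This goes beyond the Settings toggle described above; the sample profile and its identifiers are constructed, and an unsigned XML profile is assumed.

```python
import plistlib

# Constructed sample (not from the article): an unsigned profile whose
# Restrictions payload switches USB Restricted Mode off.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.constructed</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>PayloadIdentifier</key><string>com.example.constructed.restrictions</string>
      <key>allowUSBRestrictedMode</key><false/>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.wifi.managed</string>
      <key>PayloadIdentifier</key><string>com.example.constructed.wifi</string>
    </dict>
  </array>
</dict>
</plist>
"""

RESTRICTIONS_TYPE = "com.apple.applicationaccess"
USB_KEY = "allowUSBRestrictedMode"


def usb_restricted_mode_overrides(profile_bytes):
    """Return identifiers of Restrictions payloads that set the key to false."""
    profile = plistlib.loads(profile_bytes)
    flagged = []
    for payload in profile.get("PayloadContent", []):
        if not isinstance(payload, dict):
            continue
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        # Only an explicit boolean false disables the protection; an absent
        # key or true leaves the lock-screen behaviour described above.
        if payload.get(USB_KEY) is False:
            flagged.append(payload.get("PayloadIdentifier", "<no identifier>"))
    return flagged


if __name__ == "__main__":
    for ident in usb_restricted_mode_overrides(SAMPLE_PROFILE):
        print(f"USB Restricted Mode disabled by payload: {ident}")
```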

Emergency SOS


There is another useful way to turn on USB Restricted mode more quickly if ever needed: Emergency SOS.

Emergency SOS allows you to call emergency services with five quick presses of the side button. When this happens, Face/Touch ID is disabled, and USB Restricted mode is enabled.

USB accessories

There are many types of USB accessories -- card readers, microphones, batteries, headphones, and more. As a byproduct of USB Restricted mode, some of these may require your phone to be unlocked before they can be used as intended or even used to charge.

Lightning cable on iPhone


Some devices can charge your phone while they are being used, but after USB Restricted mode kicks in, may require you to unlock your device before they are able to charge.

Apple's support page says "If you don't first unlock your password-protected iOS device -- or you haven't unlocked and connected it to a USB accessory within the past hour -- your iOS device won't communicate with the accessory or computer, and in some cases, it might not charge. You might also see an alert asking you to unlock your device to use accessories."

How secure is it?

USB Restricted mode is clearly more secure than before, though there are certainly going to be vulnerabilities.

Soon after iOS 11.4.1 was released, security researchers were already looking for ways to bypass this latest security measure.

USB Restricted mode in settings


They seem to have been partially successful as well, noting that some accessories, such as Apple's USB 3 adapter, will unintentionally extend the one hour window. Grayshift, maker of the GrayKey box, also claims to have already defeated USB Restricted mode, though it remains to be seen how they've managed this.

We will have to wait to see how Apple responds, and in what ways USB Restricted mode may change.

Comments

  • Reply 1 of 9
    smiffy31 Posts: 202 member
    So they have not found a work around "or you haven't unlocked and connected it to a USB accessory within the past hour" they simply plug a device into the phone before the hour is up, exactly as described in the documentation. iOS does not stop the accessory from working when the hour is up.

  • Reply 2 of 9
    JohnDee Posts: 50 member
    Why the 60 mins delay?
    I would have thought that any start of port access without the phone being unlocked should be impossible.
    edited July 2018
  • Reply 3 of 9
    eightzero Posts: 3,056 member
    OK, again to be sure: we've tested, and know for sure if you left your phone for >1 hour, it will still charge when plugged in even if you didn't unlock it before plugging in? Another forum here indicated to the contrary.

    I warned my wife about this: "you'll need to unlock your phone before you plug it in." She was incensed. "More things to remember that don't work unless you know the secret handshake?" Now I (maybe?) get to tell her, "no, I was wrong. I didn't get the right secret handshake."

    I guess how it is represented here makes sense. A fully drained, dead iPhone can't be unlocked, and thus hard to recover it if you can't charge while locked.

    Still waiting for reports on this week's updates before I try any.
  • Reply 4 of 9
    Mike Wuerthele Posts: 6,858 administrator
    eightzero said:
    OK, again to be sure: we've tested, and know for sure if you left your phone for >1 hour, it will still charge when plugged in even if you didn't unlock it before plugging in? Another forum here indicated to the contrary.

    I warned my wife about this: "you'll need to unlock your phone before you plug it in." She was incensed. "More things to remember that don't work unless you know the secret handshake?" Now I (maybe?) get to tell her, "no, I was wrong. I didn't get the right secret handshake."

    I guess how it is represented here makes sense. A fully drained, dead iPhone can't be unlocked, and thus hard to recover it if you can't charge while locked.

    Still waiting for reports on this week's updates before I try any.
    Power is uninterrupted, and will still charge the device even if USB Protected is active and you plug in the cable. A new data connection cannot be forged after that hour.
    edited July 2018
  • Reply 5 of 9
    eightzero Posts: 3,056 member
    eightzero said:
    OK, again to be sure: we've tested, and know for sure if you left your phone for >1 hour, it will still charge when plugged in even if you didn't unlock it before plugging in? Another forum here indicated to the contrary.

    I warned my wife about this: "you'll need to unlock your phone before you plug it in." She was incensed. "More things to remember that don't work unless you know the secret handshake?" Now I (maybe?) get to tell her, "no, I was wrong. I didn't get the right secret handshake."

    I guess how it is represented here makes sense. A fully drained, dead iPhone can't be unlocked, and thus hard to recover it if you can't charge while locked.

    Still waiting for reports on this week's updates before I try any.
    Power is uninterrupted, and will still charge the device even if USB Protected is active and you plug in the cable. A new data connection cannot be forged after that hour.
    OK, kewl. Thanks for the confirmation.
  • Reply 6 of 9
    bonobob Posts: 382 member
    I don’t understand the one hour delay.  I would much prefer to be prompted for a passcode every time I plug in a data device.   That would be significantly more secure. 
  • Reply 7 of 9
    dewme Posts: 5,328 member
    eightzero said:
    eightzero said:
    OK, again to be sure: we've tested, and know for sure if you left your phone for >1 hour, it will still charge when plugged in even if you didn't unlock it before plugging in? Another forum here indicated to the contrary.

    I warned my wife about this: "you'll need to unlock your phone before you plug it in." She was incensed. "More things to remember that don't work unless you know the secret handshake?" Now I (maybe?) get to tell her, "no, I was wrong. I didn't get the right secret handshake."

    I guess how it is represented here makes sense. A fully drained, dead iPhone can't be unlocked, and thus hard to recover it if you can't charge while locked.

    Still waiting for reports on this week's updates before I try any.
    Power is uninterrupted, and will still charge the device even if USB Protected is active and you plug in the cable. A new data connection cannot be forged after that hour.
    OK, kewl. Thanks for the confirmation.
    Second that. 
  • Reply 8 of 9
    Power is only uninterrupted if the USB port does not also provide data. If the iOS device senses data on the USB port, it needs to be out of USB Restricted Mode before charging starts.

    If you’re in restricted mode, your iPhone will not charge when plugged into a Mac using a USB to Lightning cable. You need to unlock the device to start charging. Same results when I plug into the USB port on my car. If you plug the device into something like an Anker wall charger, it will charge, even if in restricted mode. I can test it on my Sony stereo with CarPlay later on.

    You can force your device into restricted mode before the 1 hour timeout by locking it then hitting the power button rapidly 5 times. Cancel the emergency call screen and you’re in restricted mode (and your fingerprint sensor is also temporarily disabled). At this point, it won’t start charging if you plug it into a power/data USB port on your computer/vehicle.

    I submitted feedback to Apple yesterday morning on this issue.
    edited July 2018
  • Reply 9 of 9
    dcgoo Posts: 280 member
    Power is only uninterrupted if the USB port does not also provide data. If the iOS device senses data on the USB port, it needs to be out of USB Restricted Mode before charging starts.

    If you’re in restricted mode, your iPhone will not charge when plugged into a Mac using a USB to Lightning cable. You need to unlock the device to start charging. Same results when I plug into the USB port on my car. If you plug the device into something like an Anker wall charger, it will charge, even if in restricted mode. I can test it on my Sony stereo with CarPlay later on.
    Mine does not exhibit this behavior. When plugged into a charger, it simply starts charging.  When plugging in to my MacBook Pro (USBC to Lightning), it first pops the USB accessories not allowed until unlocked, but then commences to charge. 