A new flaw in iOS 11 leaves iPhones vulnerable to hacks.
iOS 11.4.1 could leave iPhones vulnerable to USB hacking
With the release of iOS 12 on the horizon, many are looking to what new features could be coming to Apple mobile device users. However, with latest patch to iOS 11, release on July 10th, has an interested feature tucked away.
The update, 11.4.1, has added the new ‘USB restricted mode.’ This setting was added to attempt to block tools used by law enforcement agencies to override iPhone users passcodes and gain access to the device.
The technology used by law enforcement is produced by a company called Grayshift. Grayshift, according to Forbes.com is run by long-time U.S. intelligence agency contractors and an ex-Apple security engineer.
Their iPhone cracking tech is called GrayKey, and uses the device’s lightning port to input potential pass-codes until the correct one is found.
What is USB restricted mode?
What the new USB restricted mode does is alter how long a devices lightning port is active after the device was last unlocked. Before iOS 11.4.1 this was an entire week, now Apple have turned it down to just one-hour. The time limit can be turned off for ‘trusted’ USB devices.
This setting is completely optional, but will be enabled by default.
Unfortunately, it already seems there is a bypass to the security update.
Cyber security firm Elcomsoft, which is registered in the Russian Federation and the Czech Republic found that connecting an untrusted USB device before the hour lock-out time is up, prevents the lightning port from locking out.
Ironically, the best USB device for doing so was an Apple lightning to USB 3.0 camera adapter, as this allows the device to be charged at the same time, as well connect a USB cracking device such as as GrayKey.
The Cyber security firm said that if the device was connected to this USB adapter and a power supply, and placed inside a faraday bag (which would prevent all incoming and outgoing radio and internet communications for the device) there would be no way for a user to prevent access to their device.
Elcomsoft did say in their blog post that iOS 11.4 made the hacking process significantly slower however.
This overslight will likely be patched quickly however, and surely will be by the time iOS 12 is rolled out.
Like other iOS 11 releases, iOS 11.4.1 is available for the iPhone 5S and up, iPad mini 2 and up and 6th generation iPod touch and up.