Apple takes the security of its devices very seriously, even when it’s law enforcement it’s trying to keep out. Badge or no badge, Apple wants zero unauthorized access to its users’ devices. It’s an ongoing battle, and Apple’s latest volley is USB Restricted Mode, introduced in iOS 11.4.1, which was released this morning.

Law enforcement unsurprisingly has all sorts of passcode-cracking tools at its disposal, but USB Restricted Mode is designed to thwart any attempts made using said software. The mode automatically engages once the phone has been locked for one hour and prevents the use of any third-party software.

There’s a flaw, though. Discovered by researchers at cybersecurity firm ElcomSoft, the USB Restricted Mode timer can be reset by plugging in a USB accessory, regardless of whether or not the phone recognizes the accessory.

“We performed several tests, and can now confirm that USB Restricted Mode is maintained through reboots, and persists through software restores via Recovery mode. In other words, we have found no obvious way to break USB Restricted Mode once it is already engaged.

“What we discovered is that iOS will reset the USB Restricted Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before (well, in fact the accessories do not require pairing at all). In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.”

It’s good to hear that they weren’t able to crack the new mode. And don’t worry about the timer-resetting loophole. As the ElcomSoft researcher points out, this is likely a simple oversight on Apple’s part. If so, expect it to be rectified soon.
