Apple’s attempt to prevent hackers (and law enforcement) from cracking your iPhone may have a glaring flaw. Security researchers at ElcomSoft claim to have found a loophole in the new USB Restricted Mode, which rolled out Monday as part of iOS 11.4.1.
USB Restricted Mode is designed to thwart iPhone-cracking tools that work by connecting to the device’s Lightning port. It operates like this: if an iPhone or iPad is not unlocked after one hour, data access through the Lightning port will shut down.
Unfortunately, USB Restricted Mode doesn’t appear to be perfect; a $39 USB adapter can easily defeat it, according to ElcomSoft researcher Oleg Afonin.
“What we discovered is that iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before,” Afonin wrote in a Monday blog post.
Most USB accessories, such as Apple’s Lightning-to-USB 3 Camera Adapter, can disable the countdown timer, he claims. However, the loophole has a limitation; it only works on iPhones or iPads that have yet to cross the one-hour threshold.
Even so, the vulnerability could give enough leeway for a hacker or law enforcement to crack an iPhone. People are constantly using their mobile devices throughout the day, Afonin notes. So it wouldn’t be hard for police officers to seize an iPhone when it’s been recently unlocked, and connect it to a Lightning adapter, preventing the USB Restricted Mode from fully activating, he says.
So far, Apple hasn’t commented on the reported vulnerability. But Afonin notes that the Lightning port’s communication protocol was designed to be open, not to stifle access between USB accessories.
Whether Apple can quickly patch the problem remains unclear. But Afonin offered a potential solution. “Theoretically, iOS could remember which devices were connected to the iPhone, and only allow those accessories to establish connectivity without requiring an unlock,” he wrote in his blog post.
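The difference between the reported behavior and Afonin's suggested fix can be modeled as a small state machine. This is an added example, not Apple's or ElcomSoft's code; the class, the accessory names and the timeline are hypothetical, and it assumes an accessory becomes "known" by being attached while the device is unlocked.

```python
from dataclasses import dataclass, field

HOUR = 3600  # USB Restricted Mode threshold in seconds, per the article


@dataclass
class LightningPort:
    """Toy model of the countdown policy; names are hypothetical, not Apple's code."""
    only_known_reset: bool                      # True = Afonin's proposed fix
    known: set = field(default_factory=set)     # accessories attached while unlocked
    last_reset: int = 0                         # time the countdown last restarted

    def data_allowed(self, now: int) -> bool:
        return now - self.last_reset < HOUR

    def unlock(self, now: int) -> None:
        self.last_reset = now                   # a user unlock always restarts the countdown

    def attach(self, accessory: str, now: int, unlocked: bool = False) -> bool:
        """Handle an accessory attach; return True if it gets a data connection."""
        if unlocked:
            self.unlock(now)
            self.known.add(accessory)           # remembered for later locked attaches
            return True
        if not self.data_allowed(now):
            return False                        # threshold already crossed: no reset possible
        if self.only_known_reset and accessory not in self.known:
            return False                        # unknown accessory: countdown keeps running
        self.last_reset = now                   # reported behaviour: any accessory resets it
        return True


def scenario(only_known_reset: bool, accessory: str, attach_at: int, check_at: int) -> bool:
    """Constructed timeline: unlock with 'car-dock' at t=0, later attach while locked."""
    port = LightningPort(only_known_reset)
    port.attach("car-dock", 0, unlocked=True)
    port.attach(accessory, attach_at)
    return port.data_allowed(check_at)


if __name__ == "__main__":
    m = 60
    print("reported, unknown adapter at 30 min:", scenario(False, "adapter", 30 * m, 80 * m))
    print("proposed, unknown adapter at 30 min:", scenario(True, "adapter", 30 * m, 80 * m))
    print("proposed, known dock at 30 min:     ", scenario(True, "car-dock", 30 * m, 80 * m))
    print("reported, adapter after 61 min:     ", scenario(False, "adapter", 61 * m, 80 * m))
```
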
For more information on the USB Restricted Mode and how to toggle it on or off, Apple has a guide here.