IOS 11.4.1's New Passcode Cracking Prevention Feature Can Be Bypassed: ElcomSoft

FBI agent on a phone

FBI agent on a phone

Researchers believe a security feature designed by Apple to prevent iPhone and iPad data ports being used by law enforcement to crack passcodes may be defeatable with cheap USB devices. Unfortunately, a security firm has already found a loophole to get around the feature. The way it works is that when an hour has lapsed without the iPhone or iPad being unlocked with a passcode, the Lightning-USB connection will disable any data transfer.

This trick works in iOS 11.4.1 and iOS 12 beta 2, both of which have the USB Restricted Mode feature, ElcomSoft claims.

USB Restricted Mode is created to shut off access to data on an iPhone or iPad when new USB accessories are plugged into the Lightning port, as long as it's been more than an hour since you last unlocked your iPhone.

"The ability to postpone USB Restricted Mode by connecting the iPhone to an untrusted USB accessory is probably nothing more than an oversight", summed up Afonin.

It's worth noting that nobody has been able to hack USB Restricted Mode yet, once it's actually been an hour since you unlocked the phone. "Theoretically, iOS could remember which devices were connected to the iPhone, and only allow those accessories to establish connectivity without requiring an unlock - but that's about all we can think of".

More news: Rescue efforts for boys trapped in Thai cave begin
More news: Netflix Introduces Smart Downloads
More news: Trump says he’s still confident Kim will denuclearize

Most (if not all) USB accessories fit the goal - for example, Lightning to USB 3 Camera Adapter from Apple.

Now you'll want to make sure that the USB Accessories toggle is turned off in order to enable USB Restricted Mode.

Enter your device's passcode. Specifically, the update fixes a problem that kept some users from seeing the last known location of Apple's true wireless earbuds with the Find My iPhone tool. This is the fifteenth update since iOS 11 released last September. However, this doesn't mean that the USB connectivity with an Apple device is entirely safe. Does installing iOS 11.4.1 fix the issue, or are there better alternatives to solving it? After all, if you're listening to music with your iPhone hooked up to a USB audio interface, you don't want the music to stop after an hour, and to re-authenticate before you can continue. But security researchers note that it's trivially easy to block that lockout with Apple's own accessories.

At first we thought we would have to wait until iOS 12 this fall to see this feature, but here it is.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.