Apple’s new USB security feature has a major loophole

USB Restricted Mode

Yesterday, Apple has introduced a new USB Restricted Mode, which was introduced along with iOS 11.4.1 release.

This new update may not be as secure as like the previous update. This feature is specially designed to protect iPhones from USB devices being used by law enforcement to decode your passcode.

This feature works by disabling USB access, after which the phone will be locked for an hour. However, a Computer security company named as ElcomSoft has already found a trick to break it.

The firm’s Researchers have found that they have the ability to reset that one hour counter if they plug in a USB accessory within that window.

And, it does not matter that whether that USB accessory used with the phone in the past.

The test showed that the bypass works even with USB 3 camera adapter of Apple, which will cost you almost $39 from the online Apple Store.

Still, Elcomsoft has been testing this new feature with various other adaptors although the company claimed that the same method does not work with the cheaper $9 Lightning to 3.5mm adaptor.

According to Oleg Aonin:

“Once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour.”

Then he questions the chances of a device getting seized within an hour after its last unlock.

“Quite high. We were not able to find any recent stats, but even two years ago an average user unlocked their iPhone at least 80 times a day.”

Despite, the Elcomsoft claimed that the technique to delay the Restricted Mode by attaching an iPhone device to an untrusted USB accessory is “probably nothing more than an oversight.”

However, the company has revealed this new Restricted Mode in the first place to prevent law enforcement accesses users’ data.

It is very odd to see why the company has purposefully included this type of loophole. It is unclear that what remedial actions the company will take to overcome this problem in subsequent iOS’ version.