Apple releases iOS 11.4.1 with passcode cracking blocker -- that can be easily bypassed with an accessory it sells
Apple is working away on iOS 12 at the moment, but it's still pushing out updates for iOS 11. As promised just a few weeks ago, a new update aims to block the use of iPhone passcode cracking tools, such as those used by law enforcement. But the patch has already been found to be flawed.
The latest update to iOS introduces a new USB Restricted Mode, which is supposed to prevent the Lightning port of an iPhone or iPad from being used to transfer data an hour after the device is locked. However, security researchers discovered that it is possible to bypass this security feature by plugging in an "untrusted USB accessory" -- and Apple sells such a device for just $39.
Apple talks up the new security feature of the latest update, saying: "Starting with iOS 11.4.1, if you use USB accessories with your iPhone, iPad, or iPod touch, or if you connect your device to a Mac or PC, you might need to unlock your device for it to recognize and use the accessory. Your accessory then remains connected, even if your device is subsequently locked."
The company adds:
If you don't first unlock your password-protected iOS device -- or you haven't unlocked and connected it to a USB accessory within the past hour -- your iOS device won't communicate with the accessory or computer, and in some cases, it might not charge. You might also see an alert asking you to unlock your device to use accessories.
In theory, this should block the use of passcode cracking tools. But what's good in theory is not necessarily good in practice. With nothing more than a Lightning to USB 3 Camera Adapter -- available to buy direct from Apple -- you can prevent USB Restricted Mode from kicking in.
The security flaw was discovered by researchers at ElcomSoft who explain:
We performed several tests, and can now confirm that USB Restricted Mode is maintained through reboots, and persists software restores via Recovery mode. In other words, we have found no obvious way to break USB Restricted Mode once it is already engaged. However, we discovered a workaround, which happens to work exactly as we suggested back in May.
Researcher Oleg Afonin goes on to say:
What we discovered is that iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before (well, in fact the accessories do not require pairing at all). In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.
Most (if not all) USB accessories fit the purpose -- for example, Lightning to USB 3 Camera Adapter from Apple.
Afonin notes that the apparent loophole is "probably nothing more than an oversight", but it's a pretty important oversight given the amount of noise Apple was making about the new security feature in the first place. Will another update be pushed out to address the issue? We'll just have to wait and see.
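The timer behaviour the researchers describe can be expressed as a small state model. This is an added illustration, not Apple's code and not part of the ElcomSoft write-up: the class, method names and timelines are constructed, and the "strict" policy (only an unlock restarts the countdown) is an assumption about what a fix could look like.

```python
# Simplified model of the countdown described above; not Apple's implementation.
# All names are hypothetical; times are seconds since an arbitrary start.
WINDOW = 3600  # the one-hour window stated in Apple's description


class UsbPolicyModel:
    def __init__(self, accessory_resets_timer):
        # True  = behaviour ElcomSoft reports for iOS 11.4.1
        # False = assumed stricter policy: only an unlock restarts the countdown
        self.accessory_resets_timer = accessory_resets_timer
        self.timer_start = 0
        self.restricted = False

    def _expire(self, now):
        # Once engaged, the mode stays engaged until the device is unlocked.
        if now - self.timer_start >= WINDOW:
            self.restricted = True

    def unlock(self, now):
        self.restricted = False
        self.timer_start = now

    def connect_accessory_while_locked(self, now):
        self._expire(now)
        if not self.restricted and self.accessory_resets_timer:
            self.timer_start = now  # reported oversight: no trust or unlock check

    def data_allowed(self, now):
        self._expire(now)
        return not self.restricted


def replay(accessory_resets_timer, events, check_at):
    """Replay (time, event) pairs, then report whether USB data is allowed."""
    model = UsbPolicyModel(accessory_resets_timer)
    for when, event in events:
        if event == "unlock":
            model.unlock(when)
        elif event == "accessory":
            model.connect_accessory_while_locked(when)
    return model.data_allowed(check_at)


# Constructed timelines: last unlock at t=0, port checked at t=5000 (past the hour).
EARLY = [(0, "unlock"), (1800, "accessory")]  # accessory attached after 30 minutes
LATE = [(0, "unlock"), (4000, "accessory")]   # accessory attached after the hour

if __name__ == "__main__":
    for name, events in (("early", EARLY), ("late", LATE)):
        for flawed in (True, False):
            print(name, "reported" if flawed else "strict", replay(flawed, events, 5000))
```

Only the early-attachment timeline under the reported behaviour leaves the data port open, which matches the researchers' point that the workaround does nothing once USB Restricted Mode has engaged.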
Image credit: KOKTARO / Shutterstock