Researcher found how to bypass USB Restricted Mode on iOS 11.4.1

by do son ·

On July 10th, Apple released the iOS 11.4.1 operating system this morning, introducing a new software mechanism to block the password cracking tools used by law enforcement agencies. The tool, called USB Restriction Mode, lets iPhones lose access to any third-party software after an hour of screen lock. In this way, malicious third parties or law enforcement agencies cannot use the password cracking tools such as GrayKey to break the phone.
However, researchers at Internet security firm ElcomSoft have discovered a vulnerability in which you can reset the one-hour timer whenever you plug a USB accessory into the iPhone’s Lightning port, regardless of whether the phone connected to the device in the past.
iOS 11.4.1

Researcher Oleg Afonin from ElcomSoft  said:

“Once USB Restricted Mode is engaged on a device, no data communications occur over the Lightning port. A connected computer or accessory will not detect a “smart” device. If anything, an iPhone in USB Restricted Mode acts as a dumb battery pack: in can be charged, but cannot be identified as a smart device. This effectively blocks forensic tools from being able to crack passcodes if the iPhone spent more than one hour locked. Since law enforcement needs time (more than one hour) to transport the seized device to a lab, and then more time to obtain an extraction warrant, USB Restricted Mode seems well designed to block this scenario. Or is it?”

Afonin said that Apple’s own Lightning to USB 3.0 camera adapter works, and the adapter costs $39 in the company’s online store. (Afonin also pointed out that the $9 Lightning to 3.5mm adapter won’t work.) ElcomSoft is testing other adapters, including cheap third-party adapters, to see which one can reset the timer.

This does not seem to be a severe flaw, just a mistake of Apple. Afonin said this might be just negligence. However, this does mean that law enforcement can entirely bypass this tool and continue to use cracking tools like GrayKey.

Tags: bypass USB Restricted Mode