Apple’s latest version of iOS, released yesterday, includes USB Restricted Mode, a security measure that seems designed to prevent unwanted decryption of iPhones by both bad actors and law enforcement using passcode cracking tools.
But a team of researchers claim they have found a loophole. While that may be good news for law enforcement, it’s bad news for everyone else.
Apple’s new security measure is designed to disable the Lightning port’s data connection either one hour after your iPhone’s last unlocking or one hour after it has been disconnected from a trusted USB device.
Security firm ElcomSoft, however, claims it has found a peculiar “workaround” when it comes to Apple’s time limit.
While a Lightning to 3.5mm jack dongle won’t work, other dongles, including Apple’s own Lightning to USB 3 Camera Adaptor, can allegedly reset the one-hour limit, possibly buying time for someone looking to break into a device.
ElcomSoft’s Oleg Afonin says the issue might be in how the Lightning port communicates with devices.
If the iPhone talks to a computer, the two devices must establish trust by exchanging unique cryptographic keys. This, however, does not apply to the majority of existing Lightning accessories. Existing accessories share public keys for trust; many of them are simply not designed to exchange cryptographic keys the way computers do. As a result, before USB Restricted Mode kicks in, an iPhone can check if the accessory is MFi certified – but that is pretty much it.
The researchers say finding a solution might be complicated, thanks to the sheer number of dongles and accessories that can’t be updated to prevent the apparent loophole from being exploited. One solution might involve iOS keeping a record of previously connected devices, according to Afonin.
ElcomSoft says USB Restricted Mode works as intended when enabled, and the firm’s strategy of using USB accessories will only work “if the iPhone has still not entered USB Restricted Mode”.
Gizmodo reached out to Apple for more information but had not heard back at time of writing.