Earlier this week, Apple released security updates for all of its major operating systems: macOS, iOS, watchOS, and tvOS.
Interestingly, iOS 11.4.1 includes a surprise: USB Restricted Mode—a somewhat controversial security feature that Apple describes in a separate support article.
USB Restricted Mode was first introduced in the iOS 12 beta at Apple’s WWDC event in early June. (Related: Why iOS 12 Is Huge for Security and Privacy)
USB Restricted Mode is enabled by default in iOS 11.4.1 and later. Image: Apple
By default, iOS 12—and now iOS 11.4.1—purposely block access to USB devices connected to an iPhone after it has been locked for at least one hour, or if the phone has been put into Emergency SOS mode. After one of those conditions has been met, connecting a device to the Lightning port requires unlocking the phone before the connected device will work.
Although USB Restricted Mode may sound like a great thing to security-conscious consumers and privacy advocates, some worry that the feature could potentially prevent law enforcement agencies from obtaining access to encrypted information on a suspect’s iOS device after having legally obtained a warrant, or to stop an impending terrorist attack.
Apple maintains that the new feature is designed to defend customers “against hackers, identity thieves and intrusions into their personal data,” and that the company has “the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.”
There is some debate, however, about whether USB Restricted Mode actually protects anyone sufficiently at all.
Dongles capable of defeating USB Restricted Mode reportedly include Apple’s own Lightning to USB 3 Camera Adapter, which Apple sells for only US$39. ElcomSoft speculates and plans to confirm that cheaply manufactured third-party products—which they say can cost less than $3—may work just as well.
Depending on the situation, your device may be well enough protected from certain attacks regardless of this workaround. If an attacker steals your phone after it has already been locked for an hour, or if you have a chance to press your iPhone’s Emergency SOS button combination before an attacker can steal the phone or attach a dongle to it, then USB Restricted Mode will engage and you’ll be protected.
For law enforcement and intelligence agencies, there may be yet another loophole that could give them legal permission to start breaking into a device within an hour of the last time it was unlocked. Data recovery company DriveSavers recently reported that agencies can search a device without a warrant if there are “exigent circumstances,” meaning that a reasonable person would conclude “that a warrantless search or entry… was necessary to prevent physical harm to the officers or other persons, the destruction of relevant evidence, the escape of a suspect, or some other consequence improperly frustrating legitimate law enforcement efforts.”
For more technical details about the vulnerabilities patched in the latest security updates, you can review the following Apple support articles:
Whenever there’s something noteworthy about an Apple security update, or any other Apple-related security news worth mentioning, Intego has you covered! Be sure to subscribe to The Mac Security Blog, the Intego Mac Podcast, and the Intego YouTube channel to stay informed about the latest Apple security news.
GrayKey photo via Thomas Reed.
