Latest iOS 11.4 beta includes USB Restricted Mode to spoil cops
iPhone encryption popped back into the mainstream of attention for a moment when it was revealed that security firm Grayshift was reported to be in the middle of its marketing push to law enforcement agencies of its GrayKey, a device designed to brute force unlock an iPhone in evidence. The way it accesses the device in question is through a connection to its Lightning port.
Plenty of iPhones get locked into evidence drawers for weeks, if not even years, as cases get run through the process, grow cold and then, every so often, become hot again. There’s a possibility that Apple, which is wholly against the breaking of its hardware encryption by no one other than the owner of the iPhone, is now working to bite back against these sorts of enigma machines.
Security research firm Elcomsoft has posted its observations tracking one feature in the developer betas of iOS 11.3 and now 11.4 that has yet to go public: USB Restricted Mode.
Apple’s implementation would be as thus:
To improve security, for a locked iOS device to communicate with USB accessories you must connect an accessory via lightning connector to the device while unlocked – or enter your device passcode while connected – at least once a week.
What means that if you haven’t entered a password in the past seven days,while you will be able to charge your iPhone, you won’t be able to use USB accessories — including items like GrayKey — as the device would not even attempt a data connection. It would also prevent connections to a trusted computer, where forensic investigators can use a lockdown record contained within an image backup that they can trigger even while the phone is still locked to unlock the phone. Already, Apple has been cracking down on the use of lockdown records with updates to iOS 11. In iOS 11.3, records expire after 7 days.
But will USB Restricted Mode pass on through to the final version of iOS 11.4? One encouraging sign would be a mention at WWDC 2018 in June.