Apple iOS 11.4.1 officially adds USB Restricted Mode, blocking hacking tools


While Apple might fix the flaw in the next iOS 11.4 release or in the iOS 12, Afonin doesn't consider it as a severe vulnerability and calls it an "oversight".

Back when Apple first revealed that it would be implementing USB Restricted Mode in iOS, the company caught some backlash from United States authorities. Originally, Apple planned to have the restricted mode kick in after a week but last month changed its mind to reduce the time limit to an hour.

It prevents specialist unlocking hardware made by the likes of Cellebrite and Grayshift from entering multiple passcode guesses via the phone's data port.

However, Elcomsoft now belives it has found a way round the data port being locked in the first instance, by connecting cheap USB devices to seized iPhones.

If you think back to the tragic San Bernardino shooting incident of 2015, you might recall that Apple refused to build a software backdoor for the Federal Bureau of Investigation to access one of the killers' phones, fearing that doing so would set a unsafe legal precedent.

More news: David Beckham and Zlatan Ibrahimovic agree World Cup wager

Afonin's method works by extending the one-hour countdown of Apple's USB Restricted Mode.

ElcomSoft researchers have published a blog post revealing a flaw in the design of USB Restricted Mode that resets the one-hour counter. The battery indicator reportedly dropped to 40% over that time. But for now at least, iPhones, with this update, are locked down.

Though Apple doesn't explicitly say what this feature is for, it seems likely it's primary goal is to prevent law enforcement from getting their hands on your data. And very little information about how it works. However, Apple had not released the details on its security page at the time of this posting, but expect them to appear sometime soon.

These fixes address various bugs, some of which can be exploited by webpages to execute malicious code on vulnerable devices.

While the update doesn't bring any particularly exciting or fun features of note, it does add a pretty nifty new security feature.