In a statement to 9to5Mac yesterday, Apple confirmed a new feature called USB Restricted Mode that restricts an iPhone’s Lightning port to charge only if the device hasn’t been unlocked in the last hour. According to a new report from Vice, however, security researchers have already been able to workaround the new feature..
USB Restricted Mode was seemingly introduced in response to tools like GrayKey, which connects to a passcode-protected iPhone via Lightning and uses brute-force tactics to gain access. GrayKey and other similar tools are incredibly popular among law enforcement agencies, as well criminals.
In an email obtained by Vice, though, a forensic expert claims that Grayshift has taken steps to “future proof” its technologies and has already defeated Apple’s new USB Restricted Mode:
“Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on,” a June email from a forensic expert who planned to meet with Grayshift, and seen by Motherboard, reads.
Of course, it’s always possible that this security researcher is bluffing, though one would have to question that tactic as it would only push Apple to implement even stricter features to thwart tools like GrayKey.
As Apple said in its statement and we reiterated this morning, USB Restricted Mode isn’t necessarily designed to make the jobs of law enforcement agencies harder as many criminals also use GrayKey and similar devices to access private user data. However, the new feature is said to be causing a wave of worry among law enforcement:
“Of course they are concerned,” one source with access to restricted forums used by law enforcement told Motherboard.
USB Restricted Mode is currently in beta testing and will launch to the public soon, according to Apple. The company’s full statement from yesterday can be found here.
- Apple acknowledges new efforts to thwart passcode brute forcing
- This is the ‘GrayKey’ box used by law enforcement to unlock iPhones [Gallery]
- iOS 12 doubles down on passcode brute forcing, USB Restricted Mode now set to one hour
- Comment: No, Apple isn’t trying to thwart law enforcement with iOS 12 USB restrictions
Top image via Malwarebytes