iOS 11.4 Disables Lightning Connector After 7 Days, Limiting Law Enforcement Access

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, May 8, 2018.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    [​IMG]
    The iOS 11.4 update, currently being beta tested, includes a USB Restricted Mode that introduces a week-long expiration date on access to the Lightning port on your iOS devices if your phone hasn't been unlocked, which has implications for law enforcement tools like the GrayKey box.

    USB Restricted Mode was outlined this morning by Elcomsoft after testing confirmed that the feature has indeed been enabled. In Elcomsoft's experience, after an iPhone or iPad has been updated to iOS 11.4, if it hasn't been unlocked or connected to a paired computer in the last 7 days using a passcode, the Lightning port is useless for data access and limited to charging.
    With a time limit on the Lightning port, it seems law enforcement officials and bad actors who have physical access to a device will have one week from the time that it was last unlocked to attempt to access it through unlocking tools like the GrayKey, which uses the Lightning port to install software to crack the passcode of an iOS device.

    USB Restricted Mode won't prevent tools like the GrayKey box from being used on an iPhone, but it does suggest that the passcode needs to be discovered within a matter of days, severely limiting the amount of time that law enforcement officials have to get into a device.

    In developer documentation, Apple says the new mode is meant to bolster security on the iPhone and iPad: "To improve security, for a locked iOS device to communicate with USB accessories you must connect an accessory via Lightning connector to the device while unlocked - or enter your device passcode while connected - at least once a week."

    Apple is pairing the new USB Restricted Mode with several other security features that have been introduced through iOS 11 updates. Early iOS 11 updates introduced expiration dates for local backup techniques used to access iOS devices, while iOS 11.3 introduced further limits, cutting down access to just one week.

    [​IMG]
    GrayKey iPhone unlocking box, via MalwareBytes​

    Companies like GrayShift that provide iPhone unlocking tools to law enforcement agencies keep their methods highly secretive to prevent Apple from discovering and patching the exploits being used for access, but USB Restricted Mode and restricted access to local backups introduce clever mitigations that allow Apple to limit these tools even if the specific vulnerabilities haven't yet been addressed.

    USB Restricted Mode was actually first introduced in the iOS 11.3 beta, but it didn't make it into the iOS 11.3 release, so its presence in the iOS 11.4 beta does not guarantee that it will be included when iOS 11.4 launches to the public.

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

    Article Link: iOS 11.4 Disables Lightning Connector After 7 Days, Limiting Law Enforcement Access
     
  2. MLVC macrumors 6502a

    MLVC

    Joined:
    Apr 30, 2015
    Location:
    Maastricht, The Netherlands
    #2
    Nice! Now would be even nicer if it was shorter then 7 days. 1 day is fine with me. A couple of hours would be fine with me too.
     
  3. LoveToMacRumors macrumors 68020

    LoveToMacRumors

    Joined:
    Feb 15, 2015
    Location:
    Canada
    #3
    Good stuff
     
  4. fokmik macrumors 68020

    Joined:
    Oct 28, 2016
    Location:
    USA
    #4
    so if i dont connect my iphone to my mac for 7 days...from that day on, i will no longer can do it?
     
  5. Nozuka macrumors 68000

    Joined:
    Jul 3, 2012
  6. wolfshades macrumors 6502

    wolfshades

    Joined:
    Nov 1, 2007
    Location:
    Toronto, Ontario Canada
    #7
    Now THAT is a genius solution, especially as it cuts off those who diligently attempt to update/create more bypasses at the advent of each new OS iteration. Well done, Apple!
     
  7. wolfshades macrumors 6502

    wolfshades

    Joined:
    Nov 1, 2007
    Location:
    Toronto, Ontario Canada
    #8
    No. You can still unlock it with your password/biometric. You can’t access it at all via USB cable.
     
  8. whitedragon101 macrumors 65816

    Joined:
    Sep 11, 2008
    #9
    How long does it take greykey to crack an alphanumeric passcode?
     
  9. IGI2 macrumors 6502

    IGI2

    Joined:
    May 6, 2015
    #10
    An opt-in option to enter the passcode (Face ID or Touch ID) every time you connect the iPhone to Mac or PC would be nice as well.
     
  10. gnasher729 macrumors P6

    gnasher729

    Joined:
    Nov 25, 2005
    #11
    You can, but you have to enter the passcode.

    Some hacker using a tool that he plugs into your phone to get the passcode needs the passcode first...
     
  11. JosephAW macrumors 68000

    JosephAW

    Joined:
    May 14, 2012
    #12
    I'm still in iOS 10 so meh. If I update my iPhone 7 doesn't it disable the mic too?
     
  12. StevieD100 macrumors 6502

    StevieD100

    Joined:
    Jan 18, 2014
    Location:
    Living Dangerously in Retirement
    #13
    Please Apple, impliment this but make the delay user configurable with a max and a default of say 7 days.
    I'd set mine to 2 hours...
    And no, I don't have anything to hide apart from my life.
    Then go one step further and allow the device to initiate a security erase in the background if attempts are made to unlock it via USB.
    Yes, shades of mission impossible but TBH, I want snooping on my phone to be a 'mission impossible'.
     
  13. lec0rsaire macrumors 6502a

    Joined:
    Feb 23, 2017
    #14
    This is definitely moving in the right direction. This will give Apple yet another advantage over Android. While someone may find a workaround, it will get harder and harder to break into individual phones given that they’re on the latest firmware.
     
  14. Cosmosent macrumors 6502

    Cosmosent

    Joined:
    Apr 20, 2016
    Location:
    La Jolla, CA
    #15
    Bravo Apple, a most-excellent addition !

    Now, please, focus on BGR10A2Unorm 10-bit extended color support via AVCaptureVideoDataOutput !
     
  15. JosephAW macrumors 68000

    JosephAW

    Joined:
    May 14, 2012
    #16
    I wish they had an assignable TouchID lockdown finger. How would they do that with FaceID
     
  16. gnasher729 macrumors P6

    gnasher729

    Joined:
    Nov 25, 2005
    #17
    It's at least 80 milliseconds to check each single key. At least almost a day to check a million keys. 144 years for random six digits and lowercase / uppercase letters.
     
  17. DotCom2 macrumors 68040

    Joined:
    Feb 22, 2009
    #18
    I have two of the cheaper iPads that I use when I travel that I don't even access for weeks!
    This might be a problem for me.
     
  18. sdwaltz macrumors 6502a

    Joined:
    Apr 29, 2015
    Location:
    Indiana
    #19
    Words cannot describe how much I love Apple for this.
     
  19. djlythium macrumors 6502a

    djlythium

    Joined:
    Jun 11, 2014
    #20
    Yea, should be a customizable setting, with a maximum of 7 days.
     
  20. OldSchoolMacGuy macrumors 68040

    OldSchoolMacGuy

    Joined:
    Jul 10, 2008
    #21
    Seriously? I'm wiling to bet you don't even grasp the real advantages/disadvantages of this and yet to makes you love them more than words can describe?
     
  21. Solomani macrumors 68040

    Solomani

    Joined:
    Sep 25, 2012
    Location:
    Alberto, Canado
    #22
    Is this good for (user) security? Or simply another user (lock-out) inconvenience?
     
  22. MrGuder macrumors 68020

    Joined:
    Nov 30, 2012
    #23
    But what happens if your phone battery died and it's been 7 days for instance you lost your phone and found it later you couldn't plug it in in order to use your passcode? I guess those case would be rare.
     
  23. OldSchoolMacGuy, May 8, 2018
    Last edited by a moderator: May 9, 2018

    OldSchoolMacGuy macrumors 68040

    OldSchoolMacGuy

    Joined:
    Jul 10, 2008
    #24
    This just prevents the phone from being accessed by a computer. You can still charge via the Lightning port. It's a data block, not a total cut off of all Lightning functionality including power.
     
  24. atomic.flip macrumors regular

    atomic.flip

    Joined:
    Dec 7, 2008
    Location:
    Orange County, CA
    #25
    More security is always welcome. I like the idea of this.
     

Share This Page