How about this. Let me completely disable port data usage because I never use it for anything anyways.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Security Researchers Find Way to Prevent USB Restricted Mode From Activating on iOS Devices
- Thread starter MacRumors
- Start date
- Sort by reaction score
I wonder if they can hack into the system to reduce battery drain...
I never understand why the people who use the machines to break into the phones don’t shut up about it. If you have a way in, fine, don’t advertise it. As soon as you do, apple then closes it And then you have to find another way.
You see this on the computer side too. They make little USB dongles that plug in and shake the mouse every few seconds to keep the computer from going to sleep until they can get it to a lab to analyze.
There are even special power setups that allow them to feed power into the surge protector the computer is connected to and then unplug the protector from the wall. This again allows them to bring a machine back to a lap without shutting it down.
Back in the day, pull the plug was the preferred way of forensic investigation, as they didn't want to impact anything by shutting it down normally. Now it's about preservation of evidence, including what might be live in RAM and other places that would be lost when pulling the plug. This is why live forensics has become a thing and grown so large.
[doublepost=1531230317][/doublepost]
These type of tools have existed since the iPhone has. We've been selling them to government law enforcement for years. It wasn't until the time of the San Bernardino incident that the media took notice of their existence.
There are a LOT of tools out there the media and general public are completely ignorant to still.
And Apple often doesn't care. There are tools for cracking iOS and macOS that they've been well aware of and haven't done anything to patch in more than 10 years.
We can only wonder why USB restricted mode doesn't activate immediately by default. What's up with the strange 1 hour grace period? Seems fishy to me.
I use a wireless charger for my iPhone X so I don't need the lightning port to charge. The only time I ever plug anything into my phone is when I am using Apple CarPlay. If someone made an aftermarket device to allow CarPlay to work and charge my phone wirelessly, I would be fine with Apple removing the lightning port completely. I know there are some people who use that port for other things but I do see it as the next step toward making the phone more dust / water resistant, secure, and "magical" 
So they spend a lot of time on making sure iPhone can't be hacked, but security in iOS isn't something they spend a lot of resources on? Doesn't quite seem like the statements really follow one another.
[doublepost=1531231237][/doublepost]
Why fishy?
And you clearly have no idea what you're talking about. What a ridiculous thing to say.
No thanks. That would be another terrible development. I would hate it if USB audio interfaces didn't work anymore. And I'm sure there are a thousand more use cases relevant to other people.I know there are some people who use that port for other things but I do see it as the next step toward making the phone more dust / water resistant, secure, and "magical"
I wouldn’t consider it inconvenient. If you authorize it when you connect and it remains authorized until disconnected that actually seems like a great security feature. I hardly ever connect my phone but maybe others are constantly connecting and disconnecting. If that really is a problem this could be an optional setting that defaults to the more secure option.
I am guessing that they do this so that, if you have the phone docked for playing music or some such, that you are still able to play music or some such. That said, they could still make it work. Timer starts when phone is locked (by time or physically by user). Even if phone is locked and docked, timer continues. Lightning port stays unlocked while docked, but as soon as it is removed from the dock (assuming timer is at zero), it locks. This would allow the phone to still transmit data (music or some such) while docked, but then as soon as it is undocked, the port gets locked.
Then again, it still allows police to hold the phone open. Maybe also throw in there that the phone has to be using (Sending) data to keep the port open.
Apple will fix this.
Then again, it still allows police to hold the phone open. Maybe also throw in there that the phone has to be using (Sending) data to keep the port open.
Apple will fix this.
Maybe you could help Apple out with the benefit of your wisdom and knowledge by informing them of other yet-to-be-discovered software bugs and oversights. Should be easy, right?
Much like FaceID and eye awareness, I could see fixing this (or at least making it more difficult for the attacker) simply by changing the activity criteria to actual port data exchange within the hour limit, rather than simply having a data-capable device plugged in.
So.... LEO walks up to suspected evil doer, act all nonchalant, wait for evil doer to pull their phone out, leap to grab phone. Immediately attach Lightning to HDMI adapter, then start arrest process plus say "Hey Siri" remind me in 58 minutes to disconnect and reconnect the adapter in this perps phone. Put on sunglasses, smirk, put perp in the car and drive to the station.
***/sarcasm
***/sarcasm
I guess whenever a LEO does something you don't think he or she should be able to do, one could label the action as malicious.
One could, if one wanted to be wrong. It isn't clear if MR was being deliberately arch here, or if this was simply a matter of lackadaisical writing. See quite a bit of both.
Even if you are a small time crook, say a drug dealer with a phone full of evidence, in a typical city, the 1 hour timer starts on the last use, not when the LEO apprehends you. What if it has been sitting in your pocket for 20 minutes? If you're actively using it and you get surprised by a LEO, is it hard to click the power button 5 times even if you are told to freeze?
Then, what are the chances that any PD will have the budget to purchase a lightning USB adapter for every LEO on the off chance that maybe one day it could be used (and that it wouldn't be defeated within weeks with a software update or by a likely move to a different connector like USB-C)? And where is it going to sit for easy access? On their belt, next to the stun gun?
How are they going to deploy it while they are on the middle of the arrest? How would they plug and unplug while driving you to booking, maintaining the chain of evidence (so it can be used in court) for the entire time before getting to a gray box. And that assumes that there is a gray box anywhere close by (considering their cost) and that it is not already in use.
Are they going to this right away every time someone gets pulled over or apprehended? Or will the decision be made on the fly? The longer they wait the less likely they will catch it before the hour is up.
They would need so many resources to line up in less than an hour that I don't see how this makes a difference in the real world unless you are the .001% that is the target of a major FBI sting who would have every tool on hand to confiscate your phone. And even then, five clicks.
Then, what are the chances that any PD will have the budget to purchase a lightning USB adapter for every LEO on the off chance that maybe one day it could be used (and that it wouldn't be defeated within weeks with a software update or by a likely move to a different connector like USB-C)? And where is it going to sit for easy access? On their belt, next to the stun gun?
How are they going to deploy it while they are on the middle of the arrest? How would they plug and unplug while driving you to booking, maintaining the chain of evidence (so it can be used in court) for the entire time before getting to a gray box. And that assumes that there is a gray box anywhere close by (considering their cost) and that it is not already in use.
Are they going to this right away every time someone gets pulled over or apprehended? Or will the decision be made on the fly? The longer they wait the less likely they will catch it before the hour is up.
They would need so many resources to line up in less than an hour that I don't see how this makes a difference in the real world unless you are the .001% that is the target of a major FBI sting who would have every tool on hand to confiscate your phone. And even then, five clicks.
Sounds like SOP for law enforcement during routine traffic stops and the like will be to confiscate all IOS devices immediately, insert a lightning device to keep the USB lock from activating and then go from there.
I expect someone will start manufacturing a Lightning Port security lock akin to those available for female USB ports.
I expect someone will start manufacturing a Lightning Port security lock akin to those available for female USB ports.