I can see the release notes for iOS 12 when it comes out.

"Plugged security hole that prevented this feature from being activated."
 



Security researchers claim to have discovered a loophole that prevents an iPhone or iPad from activating USB Restricted Mode, Apple's latest anti-hacking feature in iOS 12 beta and iOS 11.4.1, which was released on Monday.

USB Restricted Mode is designed to make iPhones and iPads immune to certain hacking techniques that use a USB connection to download data through the Lightning connector to crack the passcode.


iOS 11.4.1 and iOS 12 prevent this by default by disabling data access to the Lightning port if it's been more than an hour since the iOS device was last unlocked. Users can also quickly disable the USB connection manually by engaging Emergency SOS mode.

However, researchers at cybersecurity firm ElcomSoft claim to have discovered a loophole that resets the one-hour counter. The bypass technique involves connecting a USB accessory to the Lightning port of the iOS device, which prevents USB Restricted Mode from locking after one hour.

ElcomSoft's Oleg Afonin explained the technique in a blog post:

According to Afonin, Apple's own $39 Lightning to USB 3 Camera Adapter can be used to reset the counter. Researchers are currently testing a mix of official and third-party adapters to see what else works with the bypass technique.


Afonin notes that ElcomSoft found no obvious way to break USB Restricted Mode once it has been engaged, suggesting the vulnerability is, in his words, "probably nothing more than an oversight" on Apple's part. Still, at present its existence provides a potential avenue for law enforcement or other potentially malicious actors to prevent USB Restricted Mode from activating shortly after seizure.

Both iOS 11.4.1 and iOS 12 beta 2 are said to exhibit the same behavior when exploiting the loophole. However, expect this to change in subsequent versions of iOS - Apple continually works on strengthening security protections and addressing iPhone vulnerabilities as quickly as possible to defend against hackers.

Apple reportedly introduced USB restrictions to disable commercial passcode cracking tools like GrayKey. Afonin cites rumors that the newer GrayShift tool is able to defeat the protection provided by USB Restricted Mode, but the research community has yet to see firm evidence confirming this.

Article Link: Security Researchers Find Way to Prevent USB Restricted Mode From Activating on iOS Devices
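The timer behaviour the article describes can be written down as a small state model, which makes the policy gap easy to test. This is an added example, not Apple's or ElcomSoft's code: the class, event names and the assumption that a reset restarts the full hour are all hypothetical, and the timelines are constructed.

```python
from dataclasses import dataclass

GRACE_SECONDS = 60 * 60  # "more than an hour since the iOS device was last unlocked"


@dataclass
class UsbRestrictedModel:
    """Toy model of the lock timer described in the article (assumed, not Apple's)."""
    accessory_resets_timer: bool  # True = behaviour reported for 11.4.1 / 12 beta 2
    timer_start: float = 0.0      # time of the last event that restarted the counter
    restricted: bool = False      # True once Lightning data access is disabled

    def _expire(self, now: float) -> None:
        # The restriction engages once the counter has run for more than an hour.
        if now - self.timer_start > GRACE_SECONDS:
            self.restricted = True

    def handle(self, now: float, event: str) -> None:
        self._expire(now)
        if event == "unlock":
            # Unlocking re-enables data access and restarts the counter.
            self.restricted = False
            self.timer_start = now
        elif event == "emergency_sos":
            # Manual trigger: data access is disabled at once.
            self.restricted = True
        elif event == "accessory_attach":
            # Reported loophole: an accessory attached before expiry restarts
            # the counter. Once engaged, attaching one changes nothing.
            if self.accessory_resets_timer and not self.restricted:
                self.timer_start = now
        else:
            raise ValueError(f"unknown event: {event}")

    def data_enabled(self, now: float) -> bool:
        self._expire(now)
        return not self.restricted


def replay(events, check_at, accessory_resets_timer):
    """Replay (time_seconds, event) pairs; report data access at check_at."""
    model = UsbRestrictedModel(accessory_resets_timer)
    for when, event in sorted(events):
        model.handle(when, event)
    return model.data_enabled(check_at)


# Constructed timeline: unlocked at t=0, accessory attached 50 minutes later.
SEIZED = [(0, "unlock"), (50 * 60, "accessory_attach")]
```

Replaying `SEIZED` and checking at 100 minutes leaves data access enabled under the reported behaviour and disabled when only an unlock may restart the counter, which is the invariant a fix would need to hold.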
Apple writes the software, so they will keep patching the holes that let people in. And will soon make their first priority.
 
You see this on the computer side too. They make little USB dongles that plug in and shake the mouse every few seconds to keep the computer from going to sleep until they can get it to a lab to analyze.

There are even special power setups that allow them to feed power into the surge protector the computer is connected to and then unplug the protector from the wall. This again allows them to bring a machine back to a lab without shutting it down.

Back in the day, pull the plug was the preferred way of forensic investigation, as they didn't want to impact anything by shutting it down normally. Now it's about preservation of evidence, including what might be live in RAM and other places that would be lost when pulling the plug. This is why live forensics has become a thing and grown so large.

These types of tools have existed since the iPhone has. We've been selling them to government law enforcement for years. It wasn't until the time of the San Bernardino incident that the media took notice of their existence.

There are a LOT of tools out there the media and general public are completely ignorant to still.

And Apple often doesn't care. There are tools for cracking iOS and macOS that they've been well aware of and haven't done anything to patch in more than 10 years.

YOU ARE SO WRONG.
 
This is one reason I don't understand why I can't enable that immediately instead of waiting an hour? Shouldn't I be able to triple press the home button or something and instantly engage it? Or better yet turn it off completely in settings.
 
It would obviously be great if Apple could make it so that when a user activates Emergency SOS mode, the phone enters USB Locked status regardless of whether it is connected to a device or not.
Apple has never been good on security.

They invest a lot in terms of making sure the iPhone can't be hacked, sideloading apps etc... But security on iOS and OSX has always been something they don't spend a lot of resources on.
That is a false statement.
 
Honestly, it should be disabled for everything except charging until you enter your pin and it shouldn't matter if an accessory is plugged in or not. This should happen immediately when the phone locks and the phone should not lock during active activity on the port.
 
This gambit was mentioned by a reader over a month ago when it was announced for iOS12.

I have to unlock my phone to update the iOS when it is plugged into a trusted computer I am logged into, why not make it immediate and require the user unlock the phone to enable anything other than charging when plugged into a cable?

Inconvenient in some instances, but so is the use of any key at any time. At a minimum require the device be unlocked with each distinct session with a cable. Trusted or not, third-parties could nearly as easily gain access to a trusted computer, something immediate locking, by virtue of sleep or unplugging from a cable would foil.
 
One could also change the 6-digit PIN to a password (mix of characters) and defeat any graybox regardless.
This. With TouchID or FaceID for day-to-day use, your password, that you only have to enter once in a long while, ought to be 20 character alphanumeric/punctuation extravaganza.
 
This is probably the workaround that was discussed earlier by the guys at KeyShift (? can't remember their names). Or at least I hope this is the case.
 
I never understand why the people who use the machines to break into the phones don’t shut up about it. If you have a way in, fine, don’t advertise it. As soon as you do, Apple then closes it and then you have to find another way.

Researching and publishing holes is literally this person’s job.
We can only wonder why USB restricted mode doesn't activate immediately by default. What's up with the strange 1 hour grace period? Seems fishy to me.

You, using CarPlay, untangling the wires while already late for work: “dammit, iPhone, I just approved my car as a trusted device a second ago!”

That’s why.
 
How is this news? Seems click-bait-y to me. "Scary headline" followed by predictable "Apple have never been good on security" blah blah... honestly, a lot of companies would not be putting it up to the FBI like this. I think it's unlikely they'll be arriving at crime scenes and finding very many phones locked in under an hour. Or, considering this was all sparked by the San Bernardino (no?) case, that guy's 'second' phone was at home, in his house, and it was a few days before the FBI were on the scene. What Apple have put in place here seems a very strong statement of the company's intention to protect civil liberties.

Because it sometimes takes Apple years to update security issues that have been reported to it. They are also very closed when it comes to talking about security issues, something that doesn't give a lot of big businesses assurances.
It would obviously be great if Apple could make it so that when a user activates Emergency SOS mode, the phone enters USB Locked status regardless of whether it is connected to a device or not.
That is a false statement.

Really? I've been using Macs since the beige G3's and one thing that Apple never bothered with was patching bugs in their OS's in a timely manner.

See here from 2009 https://www.macworld.com/article/1140873/apple_java_security.html

Their secrecy, their arrogance in responding to people reporting security bugs and their reliance on their OS not being so popular as to attract hackers was their business plan for a very long time.

Or releasing an operating system where you could bypass all security by logging in as 'root' with an empty password.

The only reason they now secure their products is because they want more control over your devices. That's why a massive Java bug goes unfixed for months, but a baseband crack is fixed within days.

To quote from a story linked above "Apple itself recommended in December 2008 that users buy antivirus software. It quickly recanted that statement, though, presumably for marketing purposes."

So for me, what I said is true. They will fix security bugs if it benefits Apple, otherwise they generally are not that bothered.
 
Because it sometimes takes Apple years to update security issues that have been reported to it. They are also very closed when it comes to talking about security issues, something that doesn't give a lot of big businesses assurances.
Security issues that take years to address?
 
Really? I've been using Macs since the beige G3's and one thing that Apple never bothered with was patching bugs in their OS's in a timely manner.

See here from 2009 https://www.macworld.com/article/1140873/apple_java_security.html

Their secrecy, their arrogance in responding to people reporting security bugs and their reliance on their OS not being so popular as to attract hackers was their business plan for a very long time.

Or releasing an operating system where you could bypass all security by logging in as 'root' with an empty password.

The only reason they now secure their products is because they want more control over your devices. That's why a massive Java bug goes unfixed for months, but a baseband crack is fixed within days.

To quote from a story linked above "Apple itself recommended in December 2008 that users buy antivirus software. It quickly recanted that statement, though, presumably for marketing purposes."

So for me, what I said is true. They will fix security bugs if it benefits Apple, otherwise they generally are not that bothered.
Interesting POV. But every Mac I have ever used since 1984 has been virus free and never been hacked. The same cannot be said for the PCs that I have owned and used, several of which have been bogged down with viruses and infections to the point that they became useless. I think it’s pretty clear that they care as much as they need to care to prevent problems for Apple users.
 
Honestly, it should be disabled for everything except charging until you enter your pin and it shouldn't matter if an accessory is plugged in or not. This should happen immediately when the phone locks and the phone should not lock during active activity on the port.

This would all be easier if they hadn’t eliminated the headphone jack. Kind of defeats the point of having controls on the cord if anytime you need to replug them (or maybe even resume paused/stopped play) you need to unlock again.
 
This would all be easier if they hadn’t eliminated the headphone jack. Kind of defeats the point of having controls on the cord if anytime you need to replug them (or maybe even resume paused/stopped play) you need to unlock again.
Does that actually need to happen with headphones? They don't exactly seem to be a USB accessory or something that would fall into that type of category.
 
Interesting POV. But every Mac I have ever used since 1984 has been virus free and never been hacked. The same cannot be said for the PCs that I have owned and used, several of which have been bogged down with viruses and infections to the point that they became useless. I think it’s pretty clear that they care as much as they need to care to prevent problems for Apple users.

Because Apple relied on the fact not enough people owned a Mac to make them as big a target as Windows.

There have been viruses and worms on Mac since the beginning. Getting a Zip disk from an agency or printers was always a dodgy time, given that's how they spread back then.
 