Apple has rolled out a new feature called USB Restricted Mode with the release of iOS 11.4.1 that can protect your devices against USB accessories that connect to the data port, making it difficult for attackers to break into iPhone or IPad without user’s permission.
How does the feature work?
If the iPhone or iPad has been locked for an hour or more the USB Restricted Mode automatically disables data connection capabilities of the Lightning port on your iPhone or iPad, thus limiting it to charging only.
Once the USB Restricted Mode gets activated, there’s no way left for breaking into an iPhone or iPad without the user’s permission.
This feature was expected to stop devices like GrayKey (which plugs into an iPhone and cracks the passcode within a few hours) from working successfully.
How can the hackers bypass USB Restricted Mode?
According to the researchers, hackers can bypass USB Restricted Mode by directly connecting a USB accessory—such as Apple’s $39 Lightning to USB 3 Camera adapter—to a targeted iOS device within an hour after it was last unlocked would reset the 1-hour countdown.
Besides this, Activation of USB Restricted Mode can also be prevented even by using untrusted/third-party Lightning accessories, or those that have not been paired with the iPhone before.
Comments from Ankush Johar, Director at Infosec Ventures – an organisation that provides complete infrastructure security solutions for commercial and government clients of all sizes:
In order to bypass this feature hacker will have to gain access to the device within one hour of it being locked. This obviously limits the capabilities of the attack. A thief might be able to attach such a USB accessory immediately after taking a mobile device but in case of a state-sponsored crack, it will become near impossible for cases like the San Bernardino shooter where gaining physical access of the device within an hour of it being locked is extremely improbable for authorities.
Although it’s not a critical vulnerability, crackers around the world are still trying to figure out a way to break into this prevention mechanism and it won’t come as a surprise if they succeed too. It’s a cat and mouse game. One will patch and another will crack again.
Your email address will not be published. Required fields are marked *
FTC Celebrates 100th Anniversary of its Regional Offices
Australian Military Bank Powers Digital Transformation with Infosys Finacle on Cloud
Alpana Kirloskar honoured with IWEC Award in Shanghai, China
TCS Democratizes Recruitment to Provide an Equal Opportunity to Young Engineers across India
Schneider Electric strengthens strategic partnerships with top suppliers
2014 The Global Indian New Network (TGINN)