One of Apple’s own technologies, an adapter costing just $39, can help cops and robbers bypass one of the Cupertino giant’s biggest security features in iOS 11.4.1, according to Russian iPhone forensic specialists.
They believe that it’s possible to undo the so-called iOS USB Restricted Mode, which disables data connections over the Lightning port after an hour of a phone being locked. This was believed to have been a response from Apple to the likes of GrayShift, an Atlanta-based company that claims to be able to unlock the latest iPhones with its GrayKey, which works via the Lightning port, though that would take more than an hour to do so in most cases.
But researchers from Russian law-enforcement vendor Elcomsoft said that while they hadn’t found a way to stop USB Restricted Mode from working once it was in operation after that hour gap, it had discovered a workaround that could help police (or anyone with physical access to an iOS device) bypass the feature.
Read more: New York Cops Are Hacking iPhones With Secretive $15,000 GrayKey
All that’s required, wrote Elcomsoft’s Oleg Afonin, is an accessory device, such as the $39 Lightning to USB 3 Camera Adapter, sold by Apple. Once connected, this would reset the one-hour timer, thereby providing a way to stop USB Restrictive Mode from turning on.
“What we discovered is that iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before (well, in fact the accessories do not require pairing at all),” Afonin wrote. “In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.”
Vladimir Katalov, CEO of Elcomsoft, told Forbes this would be big news for law enforcement, who would typically need some time to transfer an iPhone to labs and gain the relevant warrants to unlock the device, whether with GrayKey or rival tools from the likes of Cellebrite.
And though it appeared Apple had allowed this to ensure accessories carried on working normally, the iPhone maker could do more. “I think Apple needs to improve that, introducing something like pairing, establishing a trust relationship, with accessories too,” Katalov told Forbes. “Like with a computer, so only trusted accessories should disable the restricted mode and reset the countdown timer.”
Apple hadn’t responded to a request for comment at the time of publication.
Read more: Meet The Russians Helping The Feds Hack Silicon Valley
