iOS 11.4: Apple Throws Another Punch at Law Enforcement Agencies
The ‘USB Restricted Mode’ feature will make it even harder for agencies to hack into iPhones
The never-ending tale of Apple vs. Law Enforcement has just taken another twist. Apple, with its much anticipated (thanks to the iOS 11.3 bugs) iOS 11.4 update, is going to introduce a new feature that should give a collective headache to law enforcement agencies and companies such as Grayshift, the creators of GrayKey—an iPhone unlocking box.
This feature is called ‘USB Restricted Mode.’
USB Restricted Mode, as the name suggests, restricts the access of the iPhone via lightning connector. The way it works is simple yet highly effective in nature. Once an iPhone or an iPad has been updated to 11.4, the USB Restricted Mode disables USB data connection if the device hasn’t been unlocked for a week. The phone will be charged via the lightning connector but won’t be able to establish a USB connection.
“To improve security, for a locked iOS device to communicate with USB accessories you must connect an accessory via the lightning connector to the device while unlocked – or enter your device passcode while connected – at least once a week,” wrote Oleg Afonin of ElcomSoft, a password, and system recovery software provider.
Does USB Restricted Mode really matter?
Let me explain it to you.
Unless you were born yesterday, you’d have heard of the infamous spat(s) between Apple and the FBI. Apple, as a part of its Zero-Knowledge Encryption, doesn’t allow any access to anyone who wants to crack the password and unlock the device. In fact, even Apple cannot break it if it wishes to. But the fortunate or unfortunate (whichever side you’re on) truth about today’s virtual world is that someone will come up with a way no matter how strong the security is.
That’s what Grayshift did with its GrayKey device. This device tries brute-force attacks via USB connection to unlock the device. In simple words, GrayKey tries all sorts of different permutations and combinations to crack the password; it’s an intricate yet super-fast guessing game.
The online version of GrayKey is available for $15,000, and the offline one costs $30,000. Note that not everyone can get GrayKey as only the “right” people and organizations with “legitimate purpose” can get access to it. But I certainly won’t deny the possibility of GrayKey eventually ending up on eBay.
When the news of such a device first came to the surface, it appeared that the likes of the FBI would no longer have to work through a court (they didn’t need to do it anyway) or run to Israeli firms to crack an iPhone – or try to use a dead man’s finger – a palm-sized box is all they’d need.
However, Apple seems to have other ideas.
The USB Restricted Mode won’t let devices connect if the phone hasn’t been unlocked in seven days. So, the device has a limited timeframe to weave its magic. iPhone or iPad will go in the no-response state if a week passes without getting unlocked.
It still might not matter
Don’t get your hopes too up as this feature is still being tested in the beta version of iOS 11.4. It was also a part of the iOS 11.3 beta but was later removed in the stable 11.3 release. So, that possibility is always there. Even if USB Restricted Mode isn’t a part of the software update, iPhone users will welcome 11.4 with open arms as the 11.3 bugs have left many of them frustrated.
iOS 11.4 can’t come soon enough!
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018in Hashing Out Cyber Security
How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chromein Everything Encryption
Re-Hashed: How to Fix SSL Connection Errors on Android Phonesin Everything Encryption
Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoidin ssl certificates
This is what happens when your SSL certificate expiresin Everything Encryption
Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Messagein Hashing Out Cyber Security
Report it Right: AMCA got hacked – Not Quest and LabCorpin Hashing Out Cyber Security
Re-Hashed: How to clear HSTS settings in Chrome and Firefoxin Everything Encryption
Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithmsin Everything Encryption
The Difference Between Root Certificates and Intermediate Certificatesin Everything Encryption
The difference between Encryption, Hashing and Saltingin Everything Encryption
Re-Hashed: How To Disable Firefox Insecure Password Warningsin Hashing Out Cyber Security
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settingsin Everything Encryption
The Ultimate Hacker Movies List for December 2020in Hashing Out Cyber Security Monthly Digest
Anatomy of a Scam: Work from home for Amazonin Hashing Out Cyber Security
The Top 9 Cyber Security Threats That Will Ruin Your Dayin Hashing Out Cyber Security
How strong is 256-bit Encryption?in Everything Encryption
Re-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3in Everything Encryption
How to View SSL Certificate Details in Chrome 56in Industry Lowdown
PayPal Phishing Certificates Far More Prevalent Than Previously Thoughtin Industry Lowdown