iOS 11.4 Disables Lightning Connector After 7 Days, Limiting Law Enforcement Access

The iOS 11.4 update, currently being beta tested, includes a USB Restricted Mode that introduces a week-long expiration date on access to the Lightning port on your iOS devices if your phone hasn't been unlocked, which has implications for law enforcement tools like the GrayKey box.

USB Restricted Mode was outlined this morning by Elcomsoft after testing confirmed that the feature has indeed been enabled. In Elcomsoft's experience, after an iPhone or iPad has been updated to iOS 11.4, if it hasn't been unlocked or connected to a paired computer in the last 7 days using a passcode, the Lightning port is useless for data access and limited to charging.

At this point, it is still unclear whether the USB port is blocked if the device has not been unlocked with a passcode for 7 consecutive days; if the device has not been unlocked at all (password or biometrics); or if the device has not been unlocked or connected to a trusted USB device or computer.

In our test, we were able to confirm the USB lock after the device has been left idle for 7 days. During this period, we have not tried to unlock the device with Touch ID or connect it to a paired USB device. What we do know, however, is that after the 7 days the Lightning port is only good for charging.

With a time limit on the Lightning port, it seems law enforcement officials and bad actors who have physical access to a device will have one week from the time that it was last unlocked to attempt to access it through unlocking tools like the GrayKey, which uses the Lightning port to install software to crack the passcode of an iOS device.

USB Restricted Mode won't prevent tools like the GrayKey box from being used on an iPhone, but it does suggest that the passcode needs to be discovered within a matter of days, severely limiting the amount of time that law enforcement officials have to get into a device.

In developer documentation, Apple says the new mode is meant to bolster security on the iPhone and iPad: "To improve security, for a locked iOS device to communicate with USB accessories you must connect an accessory via Lightning connector to the device while unlocked - or enter your device passcode while connected - at least once a week."

Apple is pairing the new USB Restricted Mode with several other security features that have been introduced through iOS 11 updates. Early iOS 11 updates introduced expiration dates for local backup techniques used to access iOS devices, while iOS 11.3 introduced further limits, cutting down access to just one week.

GrayKey iPhone unlocking box, via MalwareBytes

Companies like GrayShift that provide iPhone unlocking tools to law enforcement agencies keep their methods highly secretive to prevent Apple from discovering and patching the exploits being used for access, but USB Restricted Mode and restricted access to local backups introduce clever mitigations that allow Apple to limit these tools even if the specific vulnerabilities haven't yet been addressed.

USB Restricted Mode was actually first introduced in the iOS 11.3 beta, but it didn't make it into the iOS 11.3 release, so its presence in the iOS 11.4 beta does not guarantee that it will be included when iOS 11.4 launches to the public.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

(View all)
Avatar
25 months ago
Nice! Now would be even nicer if it was shorter then 7 days. 1 day is fine with me. A couple of hours would be fine with me too.
Score: 116 Votes (Like | Disagree)
Avatar
25 months ago
why wait a week? Why not daily?
Score: 38 Votes (Like | Disagree)
Avatar
25 months ago

Nice! Now would be even nicer if it was shorter then 7 days. 1 day is fine with me. A couple of hours would be fine with me too.

An opt-in option to enter the passcode (Face ID or Touch ID) every time you connect the iPhone to Mac or PC would be nice as well.
Score: 36 Votes (Like | Disagree)
Avatar
25 months ago
Now THAT is a genius solution, especially as it cuts off those who diligently attempt to update/create more bypasses at the advent of each new OS iteration. Well done, Apple!
Score: 35 Votes (Like | Disagree)
Avatar
25 months ago
Why are they waiting 7 days?
Score: 31 Votes (Like | Disagree)
Avatar
25 months ago
Please Apple, impliment this but make the delay user configurable with a max and a default of say 7 days.
I'd set mine to 2 hours...
And no, I don't have anything to hide apart from my life.
Then go one step further and allow the device to initiate a security erase in the background if attempts are made to unlock it via USB.
Yes, shades of mission impossible but TBH, I want snooping on my phone to be a 'mission impossible'.
Score: 31 Votes (Like | Disagree)

Top Stories

Apple Acquires Weather App Dark Sky

Tuesday March 31, 2020 10:22 am PDT by Juli Clover
Apple has acquired weather app Dark Sky, Dark Sky's developers announced today. Dark Sky is one of the most popular weather apps on the App Store, known for its accuracy and storm warnings. Our goal has always been to provide the world with the best weather information possible, to help as many people as we can stay dry and safe, and to do so in a way that respects your privacy. There is no ...

Apple's 2020 MacBook Air vs. 2020 iPad Pro

Wednesday April 1, 2020 2:45 pm PDT by Juli Clover
Apple in March updated both the MacBook Air and the iPad Pro, and with the iPad Pro increasingly positioned as a computer replacement, we thought we'd compare both new machines to see how they measure up and which one might be a better buy depending on user needs. Subscribe to the MacRumors YouTube channel for more videos. We're comparing the base model 12.9-inch iPad Pro and the base model...

Zoom Accused of Misleading Users With 'End-to-End Encryption' Claims Amid Other Security Issues [Updated]

Wednesday April 1, 2020 2:47 am PDT by Tim Hardwick
Zoom is facing fresh scrutiny today following a report that the videoconferencing app's encryption claims are misleading. Zoom states on its website and in its security white paper that the app supports end-to-end encryption, a term that refers to a way of protecting user content so that the company has no access to it whatsoever. However, an investigation by The Intercept reveals that...

Case for Upcoming Low-Cost iPhone Shows Up at Best Buy With Alleged April 5 Stock Date

Monday March 30, 2020 4:25 pm PDT by Juli Clover
Apple has a new low-cost iPhone in the works, which is supposed to be launching sometime in the first half of 2020. Given the ongoing situation in the United States and other countries, it's been unclear if the device is going to launch within the planned timeline, but there are signs that it could be coming soon. We started seeing cases for the new low-cost iPhone back in early February,...

Apple Adding Some 2013 and 2014 MacBook Air and MacBook Pro Models to Vintage Products List at End of April

Wednesday April 1, 2020 2:24 pm PDT by Joe Rossignol
In an internal memo obtained by MacRumors, Apple has indicated that the following 2013 and 2014 models of the MacBook Air and MacBook Pro will be added to its vintage and obsolete products list on April 30:MacBook Air (11-inch, Mid 2013) MacBook Air (13-inch, Mid 2013) MacBook Air (11-inch, Early 2014) MacBook Air (13-inch, Early 2014) MacBook Pro (13-inch, Mid 2014)Apple defines vintage...

AirTags Referenced in New Apple Support Video

Thursday April 2, 2020 12:12 pm PDT by Joe Rossignol
Apple has accidentally referenced its widely rumored AirTags item tracking tags in a video that it uploaded to its Apple Support channel on YouTube today. The video was first spotted by the blog Appleosophy and has quickly been removed. The video was titled "How to erase your iPhone." AirTags were mentioned in Settings > Apple ID > Find My > Find My iPhone under Enable Offline Finding, with...

Testing Brydge's New Pro+ Keyboard With Trackpad for iPad Pro

Monday March 30, 2020 2:04 pm PDT by Juli Clover
Well ahead of when Apple introduced trackpad support in iOS 13.4, Brydge announced an iPad Pro keyboard with a built-in multi-touch trackpad. We have one of Brydge's new Pro+ keyboards on hand, and thought we'd check it out to see how it works with Apple's new 2020 iPad Pro models. Subscribe to the MacRumors YouTube channel for more videos. The Brydge Pro+ keyboard is similar in design to...

Intel Unveils 10th-Gen Processors Suitable for Next 16-Inch MacBook Pro With Wi-Fi 6 and Turbo Boost Speeds Above 5GHz

Thursday April 2, 2020 7:53 am PDT by Joe Rossignol
Intel today announced the launch of its latest 10th-generation Core processors for high-end notebooks, potentially including the next 16-inch MacBook Pro. The batch of 45W chips, part of the Comet Lake family, are built on Intel's 14nm++ architecture. The new H-series chips have the same base clock speeds as the 9th-generation chips in the current 16-inch MacBook Pro, but Turbo Boost speeds...

Apple's Work on New Upcoming Products Progressing Normally as Employees Adjust to Telecommuting

Monday March 30, 2020 11:58 am PDT by Juli Clover
Apple's development of upcoming products is progressing as usual despite the fact that Apple employees around the world are working from home, according to a new report today out from Bloomberg. Apple is still working on new versions of the HomePod, Apple TV, MacBook Pro, budget iPads, Apple Watch, iPhone, and iMac, all of which could be released "as early as later this year" and have been...

2020 iPad Pro May Not Have a U1 Ultra Wideband Chip After All

Wednesday April 1, 2020 8:49 pm PDT by Joe Rossignol
While it was previously reported that all 2020 iPad Pro models feature the same Apple-designed U1 chip as the iPhone 11 lineup, enabling Ultra Wideband support, we have compiled evidence to suggest that this may not be the case. As a reminder, Apple's tech specs for the iPhone 11 and iPhone 11 Pro list an Ultra Wideband chip for spatial awareness, but the chip is not mentioned in Apple's...