iOS 11.4 Disables Lightning Connector After 7 Days, Limiting Law Enforcement Access

The iOS 11.4 update, currently being beta tested, includes a USB Restricted Mode that introduces a week-long expiration date on access to the Lightning port on your iOS devices if your phone hasn't been unlocked, which has implications for law enforcement tools like the GrayKey box.

USB Restricted Mode was outlined this morning by Elcomsoft after testing confirmed that the feature has indeed been enabled. In Elcomsoft's experience, after an iPhone or iPad has been updated to iOS 11.4, if it hasn't been unlocked or connected to a paired computer in the last 7 days using a passcode, the Lightning port is useless for data access and limited to charging.
At this point, it is still unclear whether the USB port is blocked if the device has not been unlocked with a passcode for 7 consecutive days; if the device has not been unlocked at all (password or biometrics); or if the device has not been unlocked or connected to a trusted USB device or computer.

In our test, we were able to confirm the USB lock after the device has been left idle for 7 days. During this period, we have not tried to unlock the device with Touch ID or connect it to a paired USB device. What we do know, however, is that after the 7 days the Lightning port is only good for charging.
With a time limit on the Lightning port, it seems law enforcement officials and bad actors who have physical access to a device will have one week from the time that it was last unlocked to attempt to access it through unlocking tools like the GrayKey, which uses the Lightning port to install software to crack the passcode of an iOS device.

USB Restricted Mode won't prevent tools like the GrayKey box from being used on an iPhone, but it does suggest that the passcode needs to be discovered within a matter of days, severely limiting the amount of time that law enforcement officials have to get into a device.

In developer documentation, Apple says the new mode is meant to bolster security on the iPhone and iPad: "To improve security, for a locked iOS device to communicate with USB accessories you must connect an accessory via Lightning connector to the device while unlocked - or enter your device passcode while connected - at least once a week."

Apple is pairing the new USB Restricted Mode with several other security features that have been introduced through iOS 11 updates. Early iOS 11 updates introduced expiration dates for local backup techniques used to access iOS devices, while iOS 11.3 introduced further limits, cutting down access to just one week.

GrayKey iPhone unlocking box, via MalwareBytes

Companies like GrayShift that provide iPhone unlocking tools to law enforcement agencies keep their methods highly secretive to prevent Apple from discovering and patching the exploits being used for access, but USB Restricted Mode and restricted access to local backups introduce clever mitigations that allow Apple to limit these tools even if the specific vulnerabilities haven't yet been addressed.

USB Restricted Mode was actually first introduced in the iOS 11.3 beta, but it didn't make it into the iOS 11.3 release, so its presence in the iOS 11.4 beta does not guarantee that it will be included when iOS 11.4 launches to the public.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

(View all)

22 months ago
Nice! Now would be even nicer if it was shorter then 7 days. 1 day is fine with me. A couple of hours would be fine with me too.
Rating: 116 Votes
22 months ago
why wait a week? Why not daily?
Rating: 38 Votes
22 months ago

Nice! Now would be even nicer if it was shorter then 7 days. 1 day is fine with me. A couple of hours would be fine with me too.

An opt-in option to enter the passcode (Face ID or Touch ID) every time you connect the iPhone to Mac or PC would be nice as well.
Rating: 36 Votes
22 months ago
Now THAT is a genius solution, especially as it cuts off those who diligently attempt to update/create more bypasses at the advent of each new OS iteration. Well done, Apple!
Rating: 35 Votes
22 months ago
Why are they waiting 7 days?
Rating: 31 Votes
22 months ago
Please Apple, impliment this but make the delay user configurable with a max and a default of say 7 days.
I'd set mine to 2 hours...
And no, I don't have anything to hide apart from my life.
Then go one step further and allow the device to initiate a security erase in the background if attempts are made to unlock it via USB.
Yes, shades of mission impossible but TBH, I want snooping on my phone to be a 'mission impossible'.
Rating: 31 Votes
22 months ago

After reading all the comments... WHAT SORT OF STUFF ARE YOU ALL HIDING IN YOUR PHONES?

What are you so scared of?

Personal stuff. No one needs to see my personal photos, my email addresses, contacts, and others.

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”- Edward Snowden
Rating: 22 Votes
22 months ago

An unintended downside: imagine you have a close friend or family member pass away. You/their family want to access their devices afterwards for photos, remembrance, information about their final days, etc. Absent the biometric and passcode (which I am assuming you don't have) you will need the cord access to get in. With a billion devices out there, I am thinking this will happen more frequently than the law enforcement access it is intended to prevent.

And to anyone who wonders why this would even be necessary, I submit you have not suddenly lost a loved one. Not uncommon to go looking for answers or solace in their devices, notify friends of the passing, etc. Asking people to try to get in there within 7 days isn't always realistic or feasible.

If you don't have the passcode, then you aren't getting into their phone either way.
Rating: 20 Votes
22 months ago

But what happens if your phone battery died and it's been 7 days for instance you lost your phone and found it later you couldn't plug it in in order to use your passcode? I guess those case would be rare.

This just prevents the phone from being accessed by a computer. You can still charge via the Lightning port. It's a data block, not a total cut off of all Lightning functionality including power.
Rating: 16 Votes
22 months ago

Yeah, there are never any reasons for the government to need access. Certainly not thousands of children molested and their exploited photos traded around with pedophiles. There's no white collar crime or terrorism in the world. Yup, you've got it, there's never a good reason that they may need to access a device. Never.

You can attempt to argue with me all you want. I'm not going to engage. I'm just glad Apple is on the right side.
Rating: 16 Votes

[ Read All Comments ]