Night mode is an automatic setting which takes advantage of the new wide-angle camera that's in the iPhone 11 and 11 Pro models. It's equipped with a larger sensor that is able to let in more light, allowing for brighter photos when the light is low.
macOS Catalina Now Available
Security Researchers Find Way to Prevent USB Restricted Mode From Activating on iOS Devices
Security researchers claim to have discovered a loophole that prevents an iPhone or iPad from activating USB Restricted Mode, Apple's latest anti-hacking feature in iOS 12 beta and iOS 11.4.1, which was released on Monday.
USB Restricted Mode is designed to make iPhones and iPads immune to certain hacking techniques that use a USB connection to download data through the Lightning connector to crack the passcode.
iOS 11.4.1 and iOS 12 prevent this by default by disabling data access to the Lightning port if it's been more than an hour since the iOS device was last unlocked. Users can also quickly disable the USB connection manually by engaging Emergency SOS mode.
However, researchers at cybersecurity firm ElcomSoft claim to have discovered a loophole that resets the one-hour counter. The bypass technique involves connecting a USB accessory into the Lightning port of the iOS device, which prevents USB Restricted Mode from locking after one hour.
ElcomSoft's Oleg Afonin explained the technique in a blog post:
Afonin notes that ElcomSoft found no obvious way to break USB Restricted Mode once it has been engaged, suggesting the vulnerability is, in his words, "probably nothing more than an oversight" on Apple's part. Still, at present its existence provides a potential avenue for law enforcement or other potentially malicious actors to prevent USB Restricted Mode from activating shortly after seizure.
Both iOS 11.4.1 and iOS 12 beta 2 are said to exhibit the same behavior when exploiting the loophole. However, expect this to change in subsequent versions of iOS – Apple continually works on strengthening security protections and addressing iPhone vulnerabilities as quickly as possible to defend against hackers.
Apple reportedly introduced USB restrictions to disable commercial passcode cracking tools like GrayKey. Afonin cites rumors that the newer GrayShift tool is able to defeat the protection provided by USB Restricted Mode, but the research community has yet to see firm evidence confirming this.
USB Restricted Mode is designed to make iPhones and iPads immune to certain hacking techniques that use a USB connection to download data through the Lightning connector to crack the passcode.
iOS 11.4.1 and iOS 12 prevent this by default by disabling data access to the Lightning port if it's been more than an hour since the iOS device was last unlocked. Users can also quickly disable the USB connection manually by engaging Emergency SOS mode.
However, researchers at cybersecurity firm ElcomSoft claim to have discovered a loophole that resets the one-hour counter. The bypass technique involves connecting a USB accessory into the Lightning port of the iOS device, which prevents USB Restricted Mode from locking after one hour.
ElcomSoft's Oleg Afonin explained the technique in a blog post:
What we discovered is that iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before (well, in fact the accessories do not require pairing at all). In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.According to Afonin, Apple's own $39 Lightning to USB 3 Camera Adapter can be used to reset the counter. Researchers are currently testing a mix of official and third-party adapters to see what else works with the bypass technique.
Afonin notes that ElcomSoft found no obvious way to break USB Restricted Mode once it has been engaged, suggesting the vulnerability is, in his words, "probably nothing more than an oversight" on Apple's part. Still, at present its existence provides a potential avenue for law enforcement or other potentially malicious actors to prevent USB Restricted Mode from activating shortly after seizure.
Both iOS 11.4.1 and iOS 12 beta 2 are said to exhibit the same behavior when exploiting the loophole. However, expect this to change in subsequent versions of iOS – Apple continually works on strengthening security protections and addressing iPhone vulnerabilities as quickly as possible to defend against hackers.
Apple reportedly introduced USB restrictions to disable commercial passcode cracking tools like GrayKey. Afonin cites rumors that the newer GrayShift tool is able to defeat the protection provided by USB Restricted Mode, but the research community has yet to see firm evidence confirming this.
Tag: Apple security
[ 68 comments ]
Top Rated Comments
(View all)
17 months ago
Interesting, so the cops would need to confiscate the alleged evidence and transport it back to wherever they take it and then keep it plugged into the device. might be tough to do within an hour, but I'm sure they'll find a way. And I'm also sure Apple will find a way to close this loophole. Cat and mouse continues.
17 months ago
There is always going to be a ping-pong, back-and-forth effect to this kind of thing with problems and solutions; but having an Apple device and having Apple on your side working to protect it is, while not perfect, the closest thing to it you will find with any company. Nobody else really cares about protecting your data quite like Apple does.
17 months ago
Have I misunderstood this? What they're saying is that <1 hour and you plug in a USB, it resets the count-down timer for the USB lockout.
So imagine you unlock/lock your phone, and plug it in to your computer shortly afterward. You wouldn't want the USB lock to engage would you? Say for example if you were copying 100GB of movies to it.
Or is the lack of 'trusted' devices enabling the reset of the counter? I.e. A mistake on the expected behaviour.
PS. I've not had nearly enough coffee yet.
So imagine you unlock/lock your phone, and plug it in to your computer shortly afterward. You wouldn't want the USB lock to engage would you? Say for example if you were copying 100GB of movies to it.
Or is the lack of 'trusted' devices enabling the reset of the counter? I.e. A mistake on the expected behaviour.
PS. I've not had nearly enough coffee yet.
17 months ago
Makes sense seeing some accessories like the HDMI adapter do not require authorization in the first place.
I wouldn't see this as an oversight. Can't have a perfect solution.
I wouldn't see this as an oversight. Can't have a perfect solution.
17 months ago
One could also change the 6-digit PIN to a password (mix of characters) and defeat any graybox regardless.
17 months ago
Apple has never been good on security.
They invest a lot in terms of making sure the iPhone cant be hacked, sideloading apps etc... But security on iOS and OSX has always been something they don't spend a lot of resources on.
How is this news? Seems click-bait-y to me. "Scary headline" followed by predicable "Apple have never been good on security" blah blah... honestly, a lot of companies would not be putting it up to the FBI like this. I think its unlikely they'll be arriving at crime scenes and finding very many phones locked in under an hour. Or, considering this was all sparked by the San Bernardino (no?) case, that guy's 'second' phone was at home, in his house, and it was a few days before the FBI were on the scene. What Apple have put in place here seems a very strong statement of the company's intention to protect civil liberties.
17 months ago
One possible Improvement:
Only keep Lightning enabled if a device is present at the time I lock the phone and only as long as that device is connected.
Otherwise disable the port instantly when I lock the phone.
Of course that is something that users would notice so it probably has to be an option
[doublepost=1531218890][/doublepost]
Charging is not affected by the port locking down
Only keep Lightning enabled if a device is present at the time I lock the phone and only as long as that device is connected.
Otherwise disable the port instantly when I lock the phone.
Of course that is something that users would notice so it probably has to be an option
[doublepost=1531218890][/doublepost]
If regular users did this, at 59 minutes mark, the timers resets, but in a 'good' way, because nothing would be more frustrating than a user charging a phone and the the device cannot be charged anymore because of USB restricted mode 'Enabled', after 60 minutes.
Charging is not affected by the port locking down
17 months ago
How about this. Let me completely disable port data usage because I never use it for anything anyways.
17 months ago
In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.
In other news, if you leave your phone unlocked, someone can make it stay unlocked by playing with it.
Or like an iPad with an option set: lock after 4 hours, etc. of not using
USB Restricted Mode is not so different here, it locks after one hour after of NOT using, so someone can prolong this period by connecting it to any* device.
Yes, this is an oversight, that *some* devices (not just trusted) can prolong this behavior, but once locked:
Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.
Maybe it's not a mistake, but the design of this secure connection, maybe if it doesn't transmit any data with untrusted devices, it doesn't know it's trusted or untrusted. Moreover, they didn't want to make it so much pain in the ass (what suggest a lack of option Immediately, just at least 1 hour) so it prolongs this time (lockdown timer) by being connected just to any device.
After all, when the police grabs a malicious iPhone, they very often have an access to their computers, e.g. when they raid some hidden places of criminals. So even if Apple will set this to Immediately, criminals should watch out.
[ Read All Comments ]
This week saw a new addition to Apple's Beats headphones lineup, while Apple appears to have leaked images of its upcoming 16-inch MacBook Pro in the new macOS 10.15.1 betas.
Other top...
For this week's giveaway, we've teamed up with Plex to offer MacRumors readers a chance to win a cord-cutting bundle that includes a lifetime Plex Pass, an antenna, and a TV tuner for...
Google Maps for iOS is gaining a new feature today that's designed to allow people to report crashes, speed traps, and traffic slowdowns right from their iPhones.
Reporting traffic accidents...
Apple this week introduced Beats Studio3 Wireless Headphones in a new Camo Collection, available in either Forest Green or Sand Dune.
The Beats Studio3 Wireless Headphones in the Camo Collection...
Apple Arcade gained a batch of new games today for the iPhone, iPad, Apple TV, and Mac.
The latest titles available include real-time player-versus-player baseball game "Ballistic...
Apple today sent out emails for a new Apple Pay promotion, offering a $5 discount on groceries when you spend $35 or more through Instacart. To get the discount, you'll need to use Apple...
Luna Display today introduced a new Mac-to-Mac mode that allows any Mac released within the last decade to be used as a second display for another Mac. This includes any combination of Macs, ranging...
Apple has released a third trailer for the upcoming comedy series "Dickinson" ahead of its November 1 premiere on Apple TV+.
Dickinson is a half-hour comedy series starring...
