Apple security flaw means police can easily crack suspects’ iPhones

Police can STILL break into your iPhone without permission using a simple hack that bypasses Apple’s new iOS 11.4.1 ‘cracking defence tool’

  • ‘USB Restricted Mode’ is designed to protect against Lightning port accessories 
  • It came after revelations US law enforcement were eyeing kit called ‘GrayKey’
  • This can be used to easily crack open locked iPhones using the Lightning port
  • The tool should make iPhones inaccessible after they are locked for one hour
  • The workaround was discovered by Moscow cybersecurity firm ElcomSoft
  • Experts used a simple Lightning port accessory to bypass the measure

Less than 24 hours after Apple revealed a new ‘cracking defence tool’, security researchers have found a way to get around it. 

The tool, issued as part of the iOS 11.4.1 update yesterday, blocks passcode cracking tools used by law enforcement to access iPhones without permission.

Called USB Restricted Mode, it is meant to make an iPhone inaccessible to third-party software after its screen has been locked for one hour.

This means that law enforcement, hackers or anyone else who wants to copy the contents of your phone to a computer, flash drive or similar device is out of luck.

However, experts found that if you plug in an accessory and follow some simple steps before the one-hour screen-lock cut-off, you can get around this restriction.



Apple claimed it would make it harder for police to break into your phone without your permission, but a security flaw found in a new feature has rendered it useless. Experts discovered that by connecting a Lightning adaptor (pictured) they could bypass the measure

‘USB Restricted Mode’, released on Monday, is designed to protect against USB accessories that connect to the iPhone’s Lightning port. 

It came after it was revealed that US law enforcement agencies were eyeing a technology called ‘GrayKey’, which can easily crack open locked iPhones using the port.

The workaround was discovered by cybersecurity firm ElcomSoft, based in Moscow.

ElcomSoft connected a compatible Lightning accessory, the official Lightning to USB 3 Camera Adaptor, before the screen had been locked for an hour.

They then connected an external battery pack to the adaptor, to avoid the iPhone’s battery draining and the device powering down.

They then placed the entire assembly in a Faraday bag, which blocks wireless signals from entering. 


Writing on the site, researcher Oleg Afonin said: ‘According to our tests, this effectively disables USB Restricted Mode countdown timer, and allows safely transporting the seized device to the lab.’

That means whoever has the handset is free to access its internal memory and whatever information that contains. 

‘If you get a message that the device should be unlocked in order to use the accessory when you connect it, then USB restricted mode has been activated already, and there is nothing you can do about that, sorry,’ Mr Afonin added.

‘What are the chances that the device is seized within an hour after last unlock? Quite high.

‘We were not able to find recent stats, but even two years ago an average user unlocked their iPhone at least 80 times a day.’


The tool is designed to make the iPhone inaccessible to accessories of any kind after its screen has been locked for one hour. That would mean anyone who wants to copy the contents of your phone to a computer, flash drive or similar device would be out of luck (stock image)

HOW DOES THE APPLE IPHONE USB RESTRICTED MODE WORKAROUND WORK?

Security researchers discovered a simple bypass to get around Apple’s ‘USB Restricted Mode’, issued as part of the iOS 11.4.1 update.

The tool should make the iPhone inaccessible to accessories of any kind after its screen has been locked for one hour. 

It came after it was revealed that US law enforcement agencies were eyeing a technology called ‘GrayKey’, which can easily crack open locked iPhones using the Lightning port.

Cybersecurity firm ElcomSoft, based in Moscow, connected a compatible Lightning accessory – the official Lightning to USB 3 Camera Adaptor – before the screen had been locked for an hour.

They then connected an external battery pack to the adaptor, to avoid the iPhone’s battery draining and the device powering down.

They then placed the entire assembly in a Faraday bag, which blocks wireless signals from entering. 

This effectively disables USB Restricted Mode’s countdown timer, and allows safe transportation of the seized device to the lab.

That means whoever has the handset is free to access its internal memory and whatever information that contains. 

USB Restricted Mode is located in Settings, under the Face ID & Passcode/Touch ID & Passcode tab. 

Near the bottom, there’s a toggle to turn on ‘USB Accessories.’ 

In the 11.4.1 release, Apple explains that the USB Accessories setting will be turned off by default. 

‘If you don’t connect to USB accessories regularly, you might need to turn on this setting manually,’ the firm noted. 

‘…When the USB Accessories setting is off, as in the image above, you might need to unlock your iOS device to connect USB accessories.’

When USB Accessories is turned off, if your iPhone or iPad has been locked for more than an hour, iOS will prevent USB accessories from connecting to the device.


‘USB Restricted Mode’, issued as part of the iOS 11.4.1 update (pictured).  Apple claimed that the USB Accessories setting will be turned off by default. Also included in the software updates are fixes for the AirPods and other bugs

Users can still charge their phone or tablet, but data can’t be sent to or from the Lightning port when the device is in this mode, Apple claimed on Monday.

If users want to continue using accessories even after their device has been locked for more than an hour, the USB Accessories feature can be toggled on.

USB Restricted Mode is also expected to be included in iOS 12, which will be released to the public later this year.  

The move was expected to help avert the use of technologies like GrayKey; however, Apple says it didn’t devise the feature with that objective specifically in mind.

‘We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves, and intrusions into their personal data,’ Apple said in a statement to the Verge.    

‘We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.’    


The tool came after it was revealed that US law enforcement agencies were eyeing a technology called ‘GrayKey’, which can easily crack open locked iPhones (pictured)

HOW DOES GRAYKEY WORK?

GrayKey is a box that’s four inches wide by four inches deep that has two Lightning cables sticking out of the front of the device.

Officials connect up to two iPhones at once to the box for about two minutes. 

Then, after anywhere from two hours to three days, the phone will display a black screen showing the device’s passcode and other information.

Once the device is unlocked, the data is downloaded from GrayKey and can be viewed on a computer. 

According to Malwarebytes, GrayKey works on almost any iPhone model and any devices running iOS 11. 

Police can pay $15,000 (£10,500) for the device, though it can only be accessed with an internet connection and for up to 300 uses. 

Another version costs $30,000 (£21,000), requires no internet connection and comes with unlimited use.

It’s been rumored for several months that Apple was prepping a restricted mode for its phones and tablets after beta testers spotted such a feature. 

GrayKey, which is developed by shadowy Atlanta-based startup Grayshift, is being utilised by more and more law enforcement agencies.  

It’s a small, 4×4 box that can unlock two iPhones at a time using Lightning cables.

To use it, law enforcement connects an iPhone to the box for about two minutes.

Then, after anywhere from two hours to three days, the phone will display a black screen showing the device’s passcode and other information, according to Malwarebytes.

Currently, anyone who’s obtained physical access to an iPhone has to have a passcode or fingerprint authentication to unlock it and access data like contact lists, messages or photos.

After several incorrect attempts to unlock an iPhone, the device disables further attempts by increasing the amount of time in between each guess.

The iPhone may also delete a user’s data after too many incorrect guesses.


GrayKey, which is developed by Atlanta-based startup Grayshift, is being utilised by more and more law enforcement agencies. To use it, cops connect an iPhone to the box for two minutes


After anywhere from two hours to three days, the phone will display a black screen showing the device’s passcode and other information. It gives cops an easy way to crack open iPhones

GrayKey provides an easy way for police to crack open an iPhone, which encrypts user data by default.

For that reason, more and more federal and local law enforcement are interested in buying the device. 

The US Secret Service intends to buy about six of the GrayKey boxes to unlock iPhones, Motherboard noted.

Meanwhile, the US State Department has already purchased the technology and the Drug Enforcement Administration is looking into it.

The FBI is also interested in buying GrayKey boxes.

Additionally, police in Maryland and Indiana have already bought or are thinking about buying it.   
