Apple has introduced a new security feature in iOS 11.4 beta that restricts Lightning Connector access to 7-days and if the iOS device has not been unlocked for 7 days, it will disable the USB communication of the device. This new security measure has implications for law enforcement tools such as the GrayKey box.
Elcomsoft outlined the USB Restricted Mode after testing that the feature has indeed been enabled. As per Elcomsoft’s testing, if an iOs device running iOS 11.4 has not been unlocked days using a passcode or connected to a paired computer in the last 7 days, the Lightning port becomes useless for data access and becomes limited to charging only.
At this point, it is still unclear whether the USB port is blocked if the device has not been unlocked with a passcode for 7 consecutive days; if the device has not been unlocked at all (password or biometrics); or if the device has not been unlocked or connected to a trusted USB device or computer.
In our test, we were able to confirm the USB lock after the device has been left idle for 7 days. During this period, we have not tried to unlock the device with Touch ID or connect it to a paired USB device. What we do know, however, is that after the 7 days the Lightning port is only good for charging.
With this new security measure from Apple, it seems like the law enforcement officials and the bad actors who have a physical access to the device will have one week from the time that it was last unlocked to attempt to gain access to the device’s content through unlocking tools such as GrayKey. After 7 days since last unlock, the Lightning Port will automatically be disabled which is used by GrayKey like tools to install software to crack the passcode of a locked iOS device.
USB Restricted Mode won’t prevent GrayKey box like tools from attempting to crack into an iOS device data, but the newly added mode will only allow such tools to discover the passcode within a matter of days, or never.
The developer documentation posted by Apple read that the new mode is meant to improve the security on your iPhone and iPad: “To improve security, for a locked iOS device to communicate with USB accessories you must connect an accessory via Lightning connector to the device while unlocked – or enter your device passcode while connected – at least once a week.”
The companies behind iPhone unlocking tools such as GrayShift provides these tools to law enforcement agencies while keeping their unlocking methods highly secretive to prevent Apple from patching the exploits being used. But, Apple has its own way of restricting such tools and USB Restricted Mode is one such way. While it does not patch the exploits used by the unlocking tools, it effectively reduces the chances of cracking into an iOS device.