Apple Is Adding A New Feature That Prevents Police From Unlocking iPhones
It would prevent firms like Cellebrite, which reportedly helped the FBI in the San Bernardino case, from gaining access to locked devices.
Apple is adding a new feature that could block methods police use to download data from locked iPhones.
Last week, at Apple's annual developer conference, the company unveiled the latest version of its operating system for iPhone and iPad, iOS 12. In addition to tools to break your iPhone addiction, "Memojis," and group FaceTime, Apple is also rolling out a new security feature in the update called USB Restricted Mode, which prevents tools used by law enforcement to unlock devices, reports Motherboard. The company acknowledged to Reuters that the feature was designed in part for users in countries where phones are easily obtained by police and criminals.
In an emailed statement, an Apple spokesperson wrote, We have the greatest respect for law enforcement, and we dont design our security improvements to frustrate their efforts to do their jobs." Apple also said it has staff available 24/7 who are dedicated to assisting law enforcement with information requests. The company has long challenged the FBI's request to break into a passcode-protected iPhone used by one of the San Bernadino shooters.
With USB Restricted Mode on, iPhone users will need to enter their passcode every hour to maintain a USB connection for data transfer.
A passcode is currently required when transferring data from an iPhone to a computer through iTunes. But mobile forensic firms figured out how to work around the need for a passcode, and transfer data from the iPhone without it.
iOS 12's new USB Restricted Mode closes that loophole. When this feature is turned on, the phone's Lightning port is disabled for data transfer one hour after the phone is locked, but can still be used for charging with a power adapter. To transfer any data after that one hour window has expired, whether via iTunes or other means, the device will require a passcode.
When you first plug in your iPhone to a computer, iTunes will ask you to "Trust" this computer. Those trusted secondary devices allow tools to access iPhone data without the passcode unless USB Restricted Mode is enabled.
Oleg Afonin of the ElcomSoft security blog explains that the loophole involved using a small file extracted from the suspect's computer or other "trusted device" called a lockdown record. This file allowed iPhone cracking software to create a backup of the phone and access its data (pictures, videos, apps, etc.) without a passcode. USB Restricted Mode, however, will not allow those tools to bypass the passcode. Data transfer via USB will be completely shut off without re-entering the iPhone's passcode every hour.
USB Restricted Mode can be turned in the iOS 12 beta version of the Settings app, under Face ID & Passcode. A version of USB Restricted Mode was introduced in the iOS 11.4 beta update, and required passcode re-entry every seven days to maintain a USB connection. The new iOS 12 feature has shortened that requirement to every hour.
The feature would prevent mobile forensic firms like Cellebrite, which reportedly helped the FBI unlock the iPhone in the San Bernardino shooting case, gain access to iOS devices.
iOS 11.4.1 & 12 include USB Restricted Mode. This feature forces users to unlock an iPhone w/ passcode when connecting to a USB accessory everytime the phone has not been unlocked for an hour. A major blow to Cellebrite & GrayShift, which police depts use to hack into iPhones. https://t.co/FWF4KxywJ0
USB Restricted Mode would also block another tool shown to have been used by law enforcement to extract data from locked devices, called GrayKey, made by a company called Grayshift. Both GrayKey and Cellebrite's method require physical access to the device.
The iOS 12 developer beta is available now, and the public beta is coming soon (sign up at beta.apple.com) but be warned: Betas are buggy and you should definitely back up your device before installing.
An explanation from security blog ElcomSoft regarding how the loophole works has been added to the text for clarification.