Researchers discover a loophole that extends the one-hour timer of restricted USB mode



[ad_1]

Just hours after Apple launched the restricted USB mode in its latest iOS 11.4.1 firmware, security researchers have discovered an easy-to-implement workaround that prevents functionality from working as planned.

GrayKey iPhone Grayshift cracking tool. | Source: MalwareBytes

While testing for months, and released earlier today, Restricted Mode USB is Apple's answer to iPhone intrusion techniques that use third-party software to crack the device access codes.

When enabled, this feature disables USB data processes, performed through the Lightning port of an iPhone, when the device remains locked for more than one hour. After reaching the predetermined time limit, Lightning is only able to transmit the iPhone to the iPhone.

The mechanism disrupts the hacking techniques used by criminals, as well as the tools marketed by the digital firm Grayshift. box requires access to an operational USB port.

According to security researchers at ElcomSoft, however, the Restricted USB Mode countdown resets when a Lightning Accessory as the Apple Lightning Adapter to USB 3 is connected to a target iPhone, which cancel the security protocol. Even unapproved accessories, or those that have not yet interfaced with an iPhone, can be used to reset the meter.

ElcomSoft is experimenting with unofficial Lightning to USB adapters to see if they too can extend the time limit by one hour.

The USB accessory procedure is not viable once USB restricted mode is activated. Through testing, ElcomSoft has confirmed that a successful lock is maintained by reboots, and that it persists in restoring the software via the Recovery Mode, that is, we have not found any obvious way to break the restricted USB mode once it is already activated. According to the firm, iPhone owners pick up, unlock and constantly use their devices throughout the day, increasing the chances that target hardware can be intercepted within one hour.

"In other words, once the policeman picks up an iPhone, he must immediately connect that iPhone to a compatible USB accessory to prevent locking the USB restricted mode after one hour," Oleg Afonin says. 39; ElcomSoft in an article.

An ideal accessory should include means of power transfer to the iPhone, as the appropriate forensic techniques require a device to carry in a Faraday bag or the like to prevent communication with cellular networks. This results in extreme battery depletion because the iPhone speeds up the power of its communication battery when it looks for a proper signal.

Afonin guesses that the loophole of USB restricted mode is the result of an oversight on the part of Apple. Overcoming (or delaying more precisely the activation of) an otherwise well thought out security protocol with readily available consumer products is probably not what Apple had in mind when he created the feature. Still, the workaround exists in both iOS 11.4.1 and the latest iOS 12 beta.

Apple could rectify the problem in a future release, but for the time being, the restricted USB mode is vulnerable until you reach it. his window of a preset time closes.

[ad_2]
Source link