Apple's 'USB Restricted Mode' closes security loophole on locked iPhones, thwarting police data extraction

The new software feature will by default protect against iPhone-hacking tool GrayKey

Apple will change the default settings of its iPhone to stop hackers from accessing information through the phones' Lightning port and as a result, will cut off a loophole used by the police to access protected iPhone data.

The Cupertino company says the changes are part of its regular security updates and its only aim is to provide better security for iPhone users, denying the changes were designed to stop US law enforcement from gaining access.

"We're constantly strengthening the security protections in every Apple product to help customers defend against hackers, identify thieves and intrusions into their personal data," Apple said in a statement.

"We have the greatest respect for law enforcement, and we don't design our security improvements to frustrate their efforts to do their jobs."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The new default settings will have a feature Apple call a "USB restricted mode" which has been present in developer betas for both iOS 12 and iOS 11.4.1. With this feature, all communication through a Lightning port to USB connection will be blocked on unlocked and dormant devices.

US law enforcement uses a tool called a GrayKey, which is a small box with two Lightning cables that can unlock password encryptions on iPhones and extract data from Cupertino's phones.  

The box downloads the contents of the device to an interface. However, the new feature will render these hacking tools useless.

The loophole applies to countries outside the US, including the UK, but its likely to impact the FBI who have an ongoing privacy battle with Apple which refused to help the police crack into an iPhone used by a gunman in the San Bernardino shootings in December 2015 which saw 14 people fatally shot. 

A similar situation arose in Devin Kelley shot 26 people and wounded 20 others in the Sutherland Springs, Texas shootings of November 2017. In this case, the police decided not to contact Apple for help initially and sent the shooter's iPhone SE to its own labs.

Apple said it immediately contacted the FBI after learning about the incident but it was instead they were met with a search warrant for the data held it held as well as for any files stored on another phone found near Kelley's body.

Advertisement - Article continues below

"We offered assistance and said we would expedite our response to any legal process they send us," Apple said at the time, noting that the efforts of the FBI made it more difficult to access the data on the iPhone.

Picture: Shutterstock - Malwarebytes Labs

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020