Slashdot Mirror


Apple Releases iOS 11.4.1, Blocks Passcode Cracking Tools Used By Police (theverge.com)

An anonymous reader quotes a report from The Verge: Apple today released iOS 11.4.1, and while most of us are already looking ahead to all the new stuff coming in iOS 12, this small update contains an important new security feature: USB Restricted Mode. Apple has added protections against the USB devices being used by law enforcement and private companies that connect over Lightning to crack an iPhone's passcode and evade Apple's usual encryption safeguards.

If you go to Settings and check under Face ID (or Touch ID) & Passcode, you'll see a new toggle for USB Accessories. By default, the switch is off. This means that once your iPhone or iPad has been locked for over an hour straight, iOS will no longer allow USB accessories to connect to the device -- shutting out cracking tools like GrayKey as a result. If you've got accessories that you want to continue working after your iPhone has been sitting locked for awhile, you can toggle the option on to remove the hour limit. Apple's wording is a bit confusing. You should leave the toggle disabled if you want your iPhone to be most secure.

129 comments

  1. Thanks by saloomy · · Score: 5, Insightful

    I feel better now that if anyone wants to access my phone, they need to ask me first. If only the carriers would stand up for us the same way.

    1. Re:Thanks by saloomy · · Score: 5, Insightful

      Note: I realize there are probably other vulnerabilities out there, and this will probably be a never-ending game of chess between law enforcement / authoritarian governments, and big tech. It is just great to see them pushing back against George Orwell's 1984.

    2. Re: Thanks by Anonymous Coward · · Score: 1

      With Android, you don't have to use a "Grey Key", any old app from the Google Play Store will do.

      Microsoft... man I'm not going to even touch that one. Last time they "patched" a bug, they broke L2TP VPNs

    3. Re:Thanks by Anonymous Coward · · Score: 0

      lol - ETA to another way in? less than a month. If it doesn't already exist.

    4. Re: Thanks by Anonymous Coward · · Score: 0

      mine never broke. maybe it was your broke ass pirated windows.... ;)

    5. Re:Thanks by dgatwood · · Score: 5, Insightful

      It already exists. It's called "crack open the phone immediately". I'd be a lot more impressed with this technology if the user could configure the time all the way down to zero. There's no valid reason to allow new external devices to be probed while the phone is locked—not even one second after the phone is locked. The user can't do anything with those external devices without unlocking the device anyway.

      This is, of course, as opposed to communicating with existing, known devices while the device is locked, which could be used by things like docks. Basically, it should stop probing for new devices immediately, and lock the port when the last device disappears, or immediately if there's nothing plugged into the port.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    6. Re: Thanks by Anonymous Coward · · Score: 0

      It's actually a well documented problem.

      This caused issues for a lot of corporate users (who usually aren't broke). Also, we're in an iPhone updates discussion thread, which is a healthy indicator that the last thing we are is broke.

    7. Re: Thanks by saloomy · · Score: 2, Informative

      First, Apple's hardware consistently outperforms the competition. Do you actually research? iPhones have the fastest bench marks in the industry. That really isn't disputed, by anyone.

      Second, they are a corporation, of course they are profit driven. You think Google and Samsung hawk phones for the goodness of their souls or some religious calling? Please. Take a fucking chill pill and calm the fuck down.

    8. Re:Thanks by hcs_$reboot · · Score: 1

      What about Android?

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    9. Re: Thanks by TigerPlish · · Score: 0

      Found El Trumpo, Donald the Worst.

      Yea, we know you use an iphone because of the broken '.

      --
      The "Civilized World" jumped the shark ca. 1973.
    10. Re: Thanks by Anonymous Coward · · Score: 1

      Google thinks customers first and worried about money later. And no, their hardware IS crap. AND THEY DO NOT OUTPERFORM.

      I've done more research than you will ever. If you want a decent laptop without a piece of shit unless touch bar ur stuck with a 4 year old chipset. Take a look macroumwrs buying guides for their computers and see which ones are on 'don't buy'. What the fu k is with the air, and the Mac mini. The iMac pro is an overpriced piece of shit that Mac frantics are racing overs. Where can you find a VR supported Mac. They just suck. Behind the times, or stuck at the times of thinking they can wow their base by crappy gimmicks, and shaving off a few mm from their laptop while killing the battery. They are just dumb.

      They do not outperform shit. Ever since Steve jobs was gone, the fucking company went downhill. I hate them. They suck.

    11. Re: Thanks by Anonymous Coward · · Score: 0

      The only reason I use one is cuz my work makes me to use it. Yeah, big brother that you ignorant fool. I'd much rather have the cops have the same snooping that Apple allows companies to have on their staff.

      And I hate the phone. Siri is a piece of shit. I'm dying for the pixel.

    12. Re: Thanks by TigerPlish · · Score: 0

      Simmer down, Mr. President, have your burger and diet coke, and take a deep breath.. You think Apple is into Big Brotherish behavior? Oh man wait till you get anything Android, where data-siphoning apps are so much more available.

      But whatever. Sounds to me like you've made up your mind. Do what you want, 'tis a free country... for now.

      And you do know that since it is your employer's phone they can plant whatever they wish on it, yes? Oh, you didn't? Poor little fool. Their kit, their rules, love it or leave it.

      --
      The "Civilized World" jumped the shark ca. 1973.
    13. Re: Thanks by Anonymous Coward · · Score: 0

      "Google thinks customers first"??

      Maybe as "the product". Heh.

      Talk about reality distortion fields.

    14. Re:Thanks by Anonymous Coward · · Score: 0

      We have already gone a parsec or 2 beyond George Orwell's 1984.

      Yes, bring on the push back.

    15. Re:Thanks by msauve · · Score: 2

      Orwell's 1984? It's more like Gilliam's Brazil.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    16. Re:Thanks by Anonymous Coward · · Score: 0

      Yes, the question should be asked, why is there a 1 hour window at all.

      Does Apple make use of this when you get your phone serviced?
      Why does this backdoor need to remain open at all?

    17. Re: Thanks by Anonymous Coward · · Score: 0

      Why don't u say the same about the country u live in. Love it or leave it. I'm sure you'll enjoy Sirya (Siri a) and stop complaining about law enforcement doing their job. They should have full rights to access your phone. I don't care if they access mine. I'll show them my family photos. I have nothing to hide.

      And it's my own personal phone.

    18. Re: Thanks by Anonymous Coward · · Score: 0

      LOL it's always funny when people consider other brands to have a religious following. apple is the only one where blind cult like behaviour is practised.

    19. Re: Thanks by Anonymous Coward · · Score: 0

      > I have nothing to hide.

      So you're ok with the world knowing your name ?

      Post it here then, you cowardly cocksucker.

    20. Re: Thanks by Anonymous Coward · · Score: 0

      Also he is posting from iOS.....

    21. Re: Thanks by Anonymous Coward · · Score: 1

      2-button squeeze and the phone is immediately secured, no hour wait
      FTFY

    22. Re: Thanks by TheFakeTimCook · · Score: 0

      > What do you mean? Yeah, so Now I feel safer knowing that law enforcement don't have tools they need to do their job. Wtf,
      >
      > Apple is a piece of crap. I hate them and everything they stand for, including their money first customer second model. I mean who the fuck sells obsolete hardware at twice the price of newer hardware. Fuck them. This is all a money thing for them.

      Ahem.

      First, they don't sell obsolete hardware in the laptop/desktop arena. Mac mini and the current Mac Pro notwithstanding.

      Second, I don't know what delusional, Blind Apple Hating world you live in; but out here in FACT-land, most people agree that Apple's mobile device performance is generally at LEAST a full generation ahead of the competition.

      So, kindly .FOAD, COWARD.

    23. Re: Thanks by TheFakeTimCook · · Score: 1

      > Google thinks customers first and worried about money later. And no, their hardware IS crap. AND THEY DO NOT OUTPERFORM.
      >
      > I've done more research than you will ever. If you want a decent laptop without a piece of shit unless touch bar ur stuck with a 4 year old chipset. Take a look macroumwrs buying guides for their computers and see which ones are on 'don't buy'. What the fu k is with the air, and the Mac mini. The iMac pro is an overpriced piece of shit that Mac frantics are racing overs. Where can you find a VR supported Mac. They just suck. Behind the times, or stuck at the times of thinking they can wow their base by crappy gimmicks, and shaving off a few mm from their laptop while killing the battery. They are just dumb.
      >
      > They do not outperform shit. Ever since Steve jobs was gone, the fucking company went downhill. I hate them. They suck.

      You truly need to seek help. You are not even a little bit rational.

    24. Re: Thanks by TheFakeTimCook · · Score: 1

      > Also he is posting from iOS.....

      Nice!

    25. Re:Thanks by TheFakeTimCook · · Score: 1

      > It already exists. It's called "crack open the phone immediately". I'd be a lot more impressed with this technology if the user could configure the time all the way down to zero. There's no valid reason to allow new external devices to be probed while the phone is locked—not even one second after the phone is locked. The user can't do anything with those external devices without unlocking the device anyway.
      >
      > This is, of course, as opposed to communicating with existing, known devices while the device is locked, which could be used by things like docks. Basically, it should stop probing for new devices immediately, and lock the port when the last device disappears, or immediately if there's nothing plugged into the port.

      While I agree, I am sure the one-hour timeout was set to balance security against convenience.

      Having said that, the only reason I can think of to make the timeout non-adjustable is that makes it somewhat less vulnerable to hacking.

    26. Re:Thanks by AmiMoJo · · Score: 1

      I don't see why they didn't make the time-out zero. On Android it's zero, every time you plug a USB cable in you have to unlock and enable the data connection if you need it.

      What were Apple thinking?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    27. Re: Thanks by Highdude702 · · Score: 1

      I will agree with him on the laptop/desktop front.. However I've never liked apple, since the 90's when I was forced to use their garbage computers at school. Seems like the computers that actually needed to do real world work like the ones in my drafting classes, were PC's. Either way, there is no denying that iPhones are the best product apple has ever made, and the only phone I will consider using. However, jailbreaking is a must, which adds a bunch of work to keep secure. Android.. well they have been garbage since they came out. The Pixel was supposed to fix that and didn't.. Not to mention the insecure by default product model the phone vendors/carriers use.

    28. Re: Thanks by Anonymous Coward · · Score: 0

      LOL. Excuse him if he doesn't take the advice of a wackjob apple worshipper. His hatred of apple seems much more rational than your mindless devotion to a corporation. I'd say you are the one that requires an intervention to get you free from apple's cult like influence

    29. Re: Thanks by Anonymous Coward · · Score: 0

      LIAR! Everything apple sells is shit.

    30. Re:Thanks by Anonymous Coward · · Score: 0

      apple was just once again unsuccessfully copying the true innovators in the field.

    31. Re: Thanks by Anonymous Coward · · Score: 0

      > "Google thinks customers first"??
      >
      > Maybe as "the product". Heh.
      >
      > Talk about reality distortion fields.

      Well, customers are products, eh?

    32. Re: Thanks by Anonymous Coward · · Score: 0

      kewl story bra, what does a laptop have to do with phones? and why are you ranting from an ios device?

    33. Re: Thanks by TheFakeTimCook · · Score: 1

      > Seems like the computers that actually needed to do real world work like the ones in my drafting classes, were PC's.

      You didn't reference whether you were talking about Apple //s or Macintoshes, both of which were in use in Education in the 1990s (the Apple // was sold until 1992, and there were STILL outcries from the Education market when they were discontinued). But I will assume you are talking about Macs.

      Real work?

      Matlab: First on Macs

      Excel: First on Macs

      GUI Microsoft Word: First on Macs

      PowerPoint: First on Macs

      Access: First on Macs (as Microsoft File)

      Visual BASIC: First on Macs (as Microsoft BASIC for Macintosh)

      Photoshop: First on Macs

      Aldus PageMaker (now called Adobe InDesign): First on Macs

      Aldus FreeHand: First on Macs

      Adobe Illustrator: First on Macs

      Adobe Acrobat: First on Macs (I believe)

      Macromedia Dreamweaver: First on Macs

      Human Genome Project: Exclusively done on Macs

      And there are undoubtedly more; but that's the ones I can remember without ANY research.

      Think there was any "real work" being done on those Applications? Or do you only consider that horrible PC CAD Application, AutoCAD (which was also released for the Mac in the 1990s), as being the arbiter of "Real Work"? BTW, AutoCAD WAS available for Macs until 1992 (last release for Macs was 12.0), and then again after 2010 (through the present). So, there.

      And speaking of which, while you idiots were struggling with AutoCAD, we Mac users had VectorWorks (and before that, its 2D predecessor, the name of which escapes me), which did, and still does, whip ALL over AutoCAD.

    34. Re: Thanks by Anonymous Coward · · Score: 0

      Anecdotal evidence is useless to anyone but the person taking their experience as the end-all evidence they'll ever need.

      How nice for you that you've formed your opinion.

      It's just opinion. Collect your enormous ego and move along.

    35. Re:Thanks by tlhIngan · · Score: 1

      > I don't see why they didn't make the time-out zero. On Android it's zero, every time you plug a USB cable in you have to unlock and enable the data connection if you need it.
      >
      > What were Apple thinking?

      To perhaps allow convenience for car owners who connect their phones to their cars via USB? Most of the time that's the most common use case so they'd connect their phones and drive away listening to tunes either directly over USB, via CarPlay or other option.

      It's one of those "balance" things - you have to allow for pretty much what 90% of the population really cares about (listening to tunes in the car) versus security.

      And since there's the SOS mode that's stupidly easy to trigger (press power button 5 times quickly - you can do it well under a second) that disables USB and biometrics instantly, this seems like a reasonable compromise.

    36. Re: Thanks by Anonymous Coward · · Score: 0

      I'm pretty sure you are wrong about many of those. And it is highly biased towards designed programs, which Macs are known for. I checked Matlab and it is from the late 1970's, way before Macs existed. I didn't check more, but I know people who work on the Human Genome Project and I don't know how you could think it was exclusively Macs. I've never seen a Mac based supercomputer.

    37. Re: Thanks by Anonymous Coward · · Score: 0

      He says "pretty sure you are wrong"

      Then continues to not supply any citations to back his claim up. Nice.

    38. Re: Thanks by saloomy · · Score: 1

      Here. Now you know.

    39. Re: Thanks by Anonymous Coward · · Score: 0

      All this proves is that apple provides no essential programs for their own crappy machines. They suck at software.

    40. Re: Thanks by Anonymous Coward · · Score: 0

      I'm pretty sure he is wrong and purposely lying about all of them.

  2. Except: China by Bing+Tsher+E · · Score: 2

    Except, Apple has done enough of some sort of *mumble*mumble* that China lets them sell their gadgets in China.

    Do you really think if it's important, US agents don't bring it back with them from China to use here?

    1. Re: Except: China by saloomy · · Score: 5, Informative

      Apple agreed to store Chinese data in China. This allows China to subpoena Apple for the data of its citizens.

      But, Apple has a modus operandi to process as much data on the phone as possible, and encrypt with user-held decryption keys what it stores on its servers. They didn't generate and give China a special master key or the like. Whatever you can say about them, within the confines of the various bodies of law they operate in, they seem to push for the most privacy-focused solution to privacy challenges.

    2. Re: Except: China by Anonymous Coward · · Score: 0

      That's a lot of words for "selling out" to China

  3. s t u p i d a f by Anonymous Coward · · Score: 0

    just stop the false advertising as if iPhones are some security behemoth.

    choke holds crack all sorts of passwords and fingerprints and facial recognition software. usb is for on the sly. LE doesn't have to do that shit.

    stop pumping lies.

  4. Serious question: by CaptainDork · · Score: 4, Interesting

    Why is this story always about iPhone?

    Are Android and other mobile OS not an encryption concern for LEO?

    Thanks.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:Serious question: by GrandCow · · Score: 5, Interesting

      Correct, Android phones are (basically) an open book. There is some encryption but nothing near the level of protection of an iPhone. Yes, your friend isn't going to pick up your phone off the table and get past your passcode, but if someone with resources wants in to an Android phone, they're getting in fairly easily.

      --
      "Well kids, you tried your best, and you failed. The lesson is, never try." -Homer Simpson
    2. Re:Serious question: by Anonymous Coward · · Score: 0

      > Are Android and other mobile OS not an encryption concern for LEO?

      Yeah, but it's only apple-weenies who get all upset about their precious data being secured. Obviously if you use Android you have chosen radical transparency.

    3. Re:Serious question: by TheRealMindChild · · Score: 0, Troll

      How? Let's skip the rhetoric.

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    4. Re:Serious question: by CaptainDork · · Score: 3, Informative

      Why in simple hell is a question modded down?

      I don't have an agenda. I just want to know why iPhones are the story and no other phones are, apparently, a concern.

      And I ended it politely.

      --
      It little behooves the best of us to comment on the rest of us.
    5. Re:Serious question: by CaptainDork · · Score: 1

      Thank you for the answer. I truly did not know. I've only owned an iPhone because work has paid for it.

      --
      It little behooves the best of us to comment on the rest of us.
    6. Re:Serious question: by Arkham · · Score: 3, Informative

      > Why in simple hell is a question modded down?
      >
      > I don't have an agenda. I just want to know why iPhones are the story and no other phones are, apparently, a concern.
      >
      > And I ended it politely.

      Because many, many Android phones have unpatched vulnerabilities.

      https://www.cnet.com/news/repo...
      https://techtoday.io/71-of-and...

      There are lots of articles. The number varies between 50% and 90% of phones. Even if the manufacturer by some miracle decides to update the phone, the carrier probably won't. Only a few phones (mostly Google devices) get updates direct from Google, and carriers don't generally push those because they get incentives from HTC, Samsung etc to sell the other phones instead.

      --
      - Vincit qui patitur.
    7. Re:Serious question: by Anonymous Coward · · Score: 0

      > Why in simple hell is a question modded down? ...
      >
      > Because many, many Android phones have unpatched vulnerabilities.

      Huh?! Sorry if I'm a bit slow, but how the hell do unpatched Android vulnerabilities explain why OP's post was modded down?

    8. Re:Serious question: by Anonymous Coward · · Score: 2, Informative

      Currently all Android devices let you boot the device into a boot loader configuration where it doesn't load an operating system, all using nothing more than the buttons on the front and sides of the device.
      Then basic debugging features can be enabled and through the USB port one can block copy the entire internal flash device.

      The exact procedure can be different depending on the model and manufacturer of the hardware.
      For my Nexus you just boot it up holding down power and volume-down buttons.

      Apple has never allowed direct access to the boot loader in their devices, and as I recall it was around the iPhone 4 period when they started seriously fighting against any side attacks in use to convince the boot loader to behave otherwise with exploits.

      This is conjecture now, but it seems this is down to the app store.
      Jailbreaking was a pretty big scene to that point, and the main alternate app repository (cydia) had added payment handling and the ability to purchase apps from developers.
      I suspect Apple didn't want to give up their lock down on this lucrative bit of their system.

      Google never really cared about that, so much so that adding another app store repository can be done by the end user through the GUI pretty easy.
      There wouldn't be much concern about running your own software on the device when you have physical access (via boot loader debug commands) because they outright allowed you to run your own software on the device when you have physical access (via the GUI)

      There was a story recently on slashdot about, I think it was Samsung?, who is planning to completely disable this and lock down their boot loaders similar to Apple, such that the OS can't be interrupted, with speculation in the comments that they also planned to disable side loading of apps.
      I have no idea if this was anything more than rumor or not, but if that starts happening by more manufacturers perhaps the situation will be different in the near future.

    9. Re:Serious question: by hankwang · · Score: 3, Insightful

      The flash device is encrypted using a random-generated (strong) key that's stored on the phone but not on the flash device; the key itself is not derived from the PIN; instead, the key can be accessed only using the PIN. The secure subsystem will not allow brute-forcing the PIN, deleting the decryption key after too many attempts. So downloading the flash device will give you a lot of random numbers, at most telling you how much of the flash storage was in use. (Are you sure that you don't need to unlock the bootloader first? Unlocking it will also result in a factory reset and erasing of the decryption key).

      It's possible that some manufacturers don't have the secure subsystem (some Samsung devices on Android 4 required a long alphanumeric screen unlock code if device encryption was on, wtf?) but I would be surprised if this is the case for Nexus 5 and later.

      Maybe Swillden, our local Android security expert, will chime in.

    10. Re:Serious question: by Anonymous Coward · · Score: 1

      Yeah, this isn't enough. Android copies passwords in clear text through java, has no hardware root of trust -- because it cannot due to the whole "we want to sell as much of this shit information gathering OS to as many hardware vendors as possible" business model -- and a host of other issues. Android is far superior in terms of user choice, but it is shit in avoiding tracking you and anything to do with security. Likewise, Apple is complete trash in terms of cost, user choice, and basically everything else. If you want security and easy to use -- you go Apple. If you want anything else, you go Android.

    11. Re:Serious question: by AmiMoJo · · Score: 1

      Nope, Android devices are more secure than the iPhone.

      Take the Pixel 2. Flash memory is encrypted with a key, same as the iPhone. Key is stored in a secure element, same as the iPhone. Arbitrarily long passwords supported, same as the iPhone.

      But where Android is better is that you need to unlock the phone and enable USB data every single time you want to use it. There is no time-out, the moment you unplug the USB cable it's locked to charge only/host mode again.

      Some manufacturers go even further, e.g. Samsung with its "Knox" system, which was certified by the NSA and DoD.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    12. Re:Serious question: by AmiMoJo · · Score: 1

      Mainly because Apple is way behind on this (Android locks USB data transfer the moment you unplug the cable, no one hour time-out or any of that nonsense) and we don't see unlock devices being sold for Android phones that claim to be secure.

      For example, where are the unlock devices for the Pixel 2 or Galaxy S8 with Knox enabled?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    13. Re:Serious question: by AmiMoJo · · Score: 0

      > Only a few phones (mostly Google devices) get updates direct from Google

      Untrue. All Android devices get updates direct from Google, it's a mandatory part of using the Android operating system (you must install Play Services that delivers the patches).

      Also, if 90% of Android phones are vulnerable, why don't we see vast botnets consisting of a billion phones? Surely they would be an extremely attractive target for hackers, for botnets, for crypto mining and for stealing personal information. Yet somehow it doesn't happen... Perhaps because Android isn't so badly designed that an unpatched flaw in an ancient version of some component allows you to compromise the entire system.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    14. Re:Serious question: by Anonymous Coward · · Score: 0

      > But where Android is better is that you need to unlock the phone and enable USB data every single time you want to use it. There is no time-out, the moment you unplug the USB cable it's locked to charge only/host mode again.

      I can assure you that they are less secure than iPhone. For starters, not everyone has a Pixel 2 which has that level of encryption.

    15. Re:Serious question: by AmiMoJo · · Score: 1

      Huh, hard to tell what triggered the poor mod in that one. Android isn't security flaw ridden is somehow offensive to them??

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    16. Re:Serious question: by Anonymous Coward · · Score: 0

      Excuse me, does Pixel 2 represent the whole "Android" devices? Or just its own brand? If so, then your statement -- "Nope, Android devices are more secure than the iPhone" -- is false. If you said "There exist Android devices that are more secure than iPhone," then it would be acceptable. People seem to generalize what they said in order to make stuff more credible. Only morons would agree because they have no brain.

    17. Re:Serious question: by Anonymous Coward · · Score: 0

      This is not poor modding, Android *is* more vulnerable. Just because there is some patching doesn't mean there aren't flaws.

    18. Re:Serious question: by ClaraBow · · Score: 1

      Great point. This needs to be modded up!

    19. Re:Serious question: by Bearhouse · · Score: 1

      > Are Android and other mobile OS not an encryption concern for LEO?

      They don't have any Android phones in Low Earth Orbit; couple of iPhones on the ISS, I hear...

    20. Re:Serious question: by CaptainDork · · Score: 1

      Thank you.

      I was puzzled that two companies are making a buck selling exploits for iPhone but there's no equivalent cottage industry for Android and Windows.

      I appreciate your answer.

      --
      It little behooves the best of us to comment on the rest of us.
    21. Re:Serious question: by Anonymous Coward · · Score: 0

      It's funny, you don't seem to object GGP's remark: "Android phones are (basically) an open book".

  5. That's a really long time. by Anonymous Coward · · Score: 0

    An hour is a really long time. Feels like a PR move to still make it possible for cops to crack the phone and simultaneously sell this as a feature to idiot criminals.

    1. Re:That's a really long time. by Anonymous Coward · · Score: 0

      Yep, I'm sure Apple has been trying to tap into the "idiot criminal" market for a long time. Brilliant comment.

    2. Re:That's a really long time. by Anonymous Coward · · Score: 0

      apple has already cornered the idiot market. Might as well try for the idiot criminals.

  6. It's off by default by Anonymous Coward · · Score: 0

    Do remember to turn it on, then, because it's off by default:

    > If you go to Settings and check under Face ID (or Touch ID) & Passcode, you’ll see a new toggle for USB Accessories. By default, the switch is off.

    Which is pretty standard with Apple. Can't break "it just works" for minor concerns like security.

    1. Re: It's off by default by Anonymous Coward · · Score: 0

      The feature is enabled by default. "On" means the security feature is disabled.

  7. Can one turn on the lock immediately? by BitterOak · · Score: 3, Interesting

    What if you will be out driving and don't want the police to have access to your phone, but don't want to wait one hour after using it before leaving the house? Is there a way to bypass the one-hour wait feature and tell the phone to immediately disable the USB when you next lock the phone? People should be able to activate maximum device security whenever they please.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:Can one turn on the lock immediately? by _merlin · · Score: 2

      Buy a Samsung phone? Samsung Android phones always require unlocking before a USB connection will work. I don't know why it's suddenly a big deal when Apple does this.

  8. Security yes... by Anonymous Coward · · Score: 0

    Apple's trying to keep your phone safe. Not from law enforcement, but from random black hats. Whatever OS you use, if it is allowed for sale in the U.S., law enforcement has their backdoors.

  9. Warrant by Elfich47 · · Score: 1

    So you have an hour to get the phone to the lab and have the warrant in hand before cracking it. That means taking a cop away from a crime scene to transport a single phone, get a warrant and have the tech standing by the moment the phone gets to the tech. All while maintaining chain of evidence and custody. That is assuming that the cops find the phone at minute zero. The cops don't know how much time is left on the countdown when they find the phone. The police are going to get into Keystone Cops/Benny Hill adventures where every time they find a phone someone has to go tearing off to get a warrant and rush the phone to the technician. And if another phone is found five minutes after the cop leaves, another warrant request and cop will be needed to transport the new phone to the technician. You are going to end up with angry judges and technicians answering "Really, I just signed a warrant to search the previous phone, stop bothering me until you can itemize all the phones you want to search" and technicians complaining all the other work they have to get done is being punted by people running in "You have to unlock this phone before the time limit".

    --
    Architectural plans are like computer source code with a couple of differences: You only compile once.
    1. Re:Warrant by dgatwood · · Score: 4, Insightful

      So you have an hour to get the phone to the lab and have the warrant in hand before cracking it.

      Nope. You have an hour for the cop to take the logger device out of his or her pocket, crack the phone, and extract the data into a storage device, under an "exigent circumstances" exception. In the best-case scenario, they then must obtain a warrant to extract the data from the storage device and rifle through it. Either way, you can safely assume that time-limited access means that warrant requirements will get weakened to accommodate that time limit. The only limit that won't inevitably lead to the rapid erosion of our fourth amendment rights is a zero-length limit.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    2. Re: Warrant by Anonymous Coward · · Score: 0

      They can get a warrant over the phone in a few minutes.

    3. Re:Warrant by Anonymous Coward · · Score: 0

      Whatever DID the police do before mobile phones? Investigate? Detective work? Maintain a sense of reason and proportion?

  10. Excellent by gweihir · · Score: 4, Interesting

    Law enforcement of all colors has amply demonstrated that they do not understand device security and why it is important. Hence this is good news.

    Incidentally, if you let the police decide what freedoms and protection against the state people have, you end up with a police-state. These people have entirely the wrong mindset. When you remember that the primary purpose of the police is protecting the rich and powerful and fighting (slave) uprisings, this becomes much more obvious. All that "to serve and protect" crap is basically propaganda.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Excellent by AmiMoJo · · Score: 1

      Hence this is good news.

      I'm not so sure. If they cared about security they would make the time-out zero seconds, not one hour. What is the reason for that extremely long time-out?

      Smells like someone put pressure on them to allow that one hour window of vulnerability. Maybe it's a compromise to avoid a fight with the government, allowing them to access phones they are really interested in while making the public think that Apple is protecting them.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Excellent by gweihir · · Score: 1

      This is probably a compromise with usability, as, if I understand this right, devices get kicked after this one hour. The GrayKey apparently needs 11h on average for a 6 digit PIN and much longer for a longer one. If this time is typical for all such tools (and I would think the limiting factor is the phone, not the external attack box), then 1h of "vulnerable" time is not much of a vulnerability.

      They should make this configurable down to zero though.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  11. Re:You're being played! by Anonymous Coward · · Score: 0

    Apple iPhones already upload all your personal information to iCloud,

    This is utterly false. Uploads to iCloud are completely optional.

  12. Re:You're being played! by gweihir · · Score: 4, Insightful

    The NSA has no interest in criminals...

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  13. Re:Crime by design? by duke_cheetah2003 · · Score: 0

    And not just dead like normal dead, dead as in shot dead by LE, for you know... shooting up the town basically.

    Or shot himself, itself, herself... I can't keep all the mass shootings that have been happening in recent times all straight in my head anymore.

  14. What about Factory Resetting without Passcode? by Anonymous Coward · · Score: 0

    I work at a school with many ipads where the students sometimes initiate an update and then set a passcode that I don't know and they don't remember. I have to then connect via USB to factory reset the ipad. Will the new "restricted mode" still allow me to factory reset via USB after an hour without knowing the passcode as I could in the past or will I essentially have bricked device that can't connect via USB without the passcode?

    1. Re: What about Factory Resetting without Passcode? by Anonymous Coward · · Score: 0

      This shouldn't have any impact on doing a factory reset.

  15. Battery Drain? by Kozar_The_Malignant · · Score: 3, Interesting

    My concern about 11.4.1 is does it fix the horrible battery drain of 11.4? I'll update tonight, because I have nothing to lose.

    --
    Some mornings it's hardly worth chewing through the restraints to get out of bed.
    1. Re:Battery Drain? by KidSock · · Score: 1

      I want to know this too please.

    2. Re:Battery Drain? by Anonymous Coward · · Score: 0

      Battery drain? Something misconfigured on your phone, dude. My iPhone 6s+ with 11.4 gets me through a day of heavy use just fine.

    3. Re: Battery Drain? by Anonymous Coward · · Score: 0

      Check for too many apps that refresh in the background, using up the battery. Background Refresh, I believe.

  16. How much do you think logger devices cost??? by SuperKendall · · Score: 1

    Nope. You have an hour for the cop to take the logger device out of his or her pocket

    I assure you there is NO WAY some magic iPhone cracker device (which remember still has to break through passcode security) is inexpensive enough there is going to be more than one per city, and probably only major cities at that. If there is a cop close at hand with one it would probably mean they had spent months gathering evidence on an extremely guilty person.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:How much do you think logger devices cost??? by Anonymous Coward · · Score: 0

      Somehow I'm not comforted by the assurances of a blind Apple worshipper.

    2. Re:How much do you think logger devices cost??? by Anonymous Coward · · Score: 0

      Or you could produce a number of cheap USB devices that will register themselves and keep the USB port active and keep the cracking secret sauce in a separate device. The key here is that users are going to want to keep their Apple Carplay / USB-C headphones active for longer than an hour so to maintain basic functionality the USB will have to keep operating with existing devices.

    3. Re:How much do you think logger devices cost??? by dgatwood · · Score: 2

      I assure you there is NO WAY some magic iPhone cracker device (which remember still has to break through passcode security) is inexpensive enough there is going to be more than one per city, and probably only major cities at that. If there is a cop close at hand with one it would probably mean they had spent months gathering evidence on an extremely guilty person.

      At $16k, they're barely half the cost of a police car. And I'd imagine they'll get cheaper in quantities.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    4. Re:How much do you think logger devices cost??? by Anonymous Coward · · Score: 0

      I imagine there will be fewer quantities after most users are using this.

    5. Re: How much do you think logger devices cost??? by Anonymous Coward · · Score: 0

      When I plug my phone into a computer I have to approve that device.

      Good luck approving something when you don't have the password.

    6. Re:How much do you think logger devices cost??? by dgatwood · · Score: 1

      On the contrary. If most users are using something that limits the time window, it will be "necessary" to have more of these.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

  17. Very probably by SuperKendall · · Score: 3, Informative

    Is there a way to bypass the one-hour wait feature and tell the phone to immediately disable the USB

    There is already the button press combo to force a passcode be required to unlock vs. a fingerprint or FaceID, I imagine that would also trigger the USB lock.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  18. The future? It starts with You're a Terrorist. by Anonymous Coward · · Score: 0

    When law enforcement is presented with the challenge of obtaining a search warrant within 1 hour, rest assured that abuse won't stop with merely abusing the shit out of warrant request/approval powers. No, they'll instead find some way yet again to label damn near any crime involving an iPhone as a terrorist plot and a threat to national security, and will request a waiver from respecting due process.

  19. Re:You're being played! by Bing+Tsher+E · · Score: 1

    Nobody EVER backs up their phone to the cloud.

  20. Re:Crime by design? by Anonymous Coward · · Score: 1

    LE LE LE LE LE LE. Now that you got that LEO worship out of your system, let me tell you why you speak like a true slave. I don't care that the cops can't hack my phone. The 5th should extend to devices we carry our life in.

    If the phone is hackable, it is hackable by anyone with the technology. Cops aren't the only ones who can do it, in fact they weren't the ones who figured it out, an Israeli company did who is now selling the device. So the cops are probably not the target for the fix either. The hack is available to anyone with the money to buy the hacking device, which could mean any border patrol agent who temporarily takes your devices out of sight, any spy agency, anyone curious enough to go through your lost phone couple years from now (tech gets simpler and cracking a 4S is now child's play).

  21. Let's see them... by NewtonsLaw · · Score: 3, Interesting

    Let's see them try to break into my voice/SMS-only 2G bar-phone with their fancy gear! Bahahah!

    But seriously, this might mean that lawmakers will be more predisposed to drop the need for a search warrant in respect to searching someone's phone. It would be much easier to lobby that the need for a warrant could now significantly hamper investigations because of the short window of opportunity.

    So don't look too smug, Apple may have shot you all in the foot.

    1. Re:Let's see them... by Anonymous Coward · · Score: 0

      They'll just copy the device - but get permission/warrant to "search" the copy later.

  22. Re:You're being played! by Anonymous Coward · · Score: 0

    Apple iPhones already upload all your personal information to iCloud, where it's sent straight to the NSA.

    Do you have any evidence of that? Not trolling, I really want to look into it.

  23. Re:Crime by design? by Arkham · · Score: 4, Insightful

    Now. I really gotta wonder about this one though. They are actively trying to put a stop to law enforcement gaining access to devices they have confiscated? Who does this? Why would someone do this? It's one thing to make a product very secure and shrug when LE finds a way around it to get evidence, but it's an entirely another thing when one sees what LEO is doing to break into devices and FIXING IT!

    The problem with this logic is assuming that US law enforcement are the only ones trying to break into locked phones. Apple sells more phones around the world than they do in the US. It could be oppressive nation-states looking to punish citizens who oppose them, or criminals looking to steal people's identity, money, etc.

    --
    - Vincit qui patitur.
  24. its not about security by Anonymous Coward · · Score: 0

    Apple does not allow users to reduce the security level. If kids type your passcode many times, it locks / erases the phone. There is really no option to disable it.

    Then what do you have to do? Buy Apple paid backup service to avoid losing data.

    1. Re:its not about security by andymadigan · · Score: 4, Informative

      Settings > Face ID & Passcode > Erase Data [toggle]

      Description: "Erase all data on this iPhone after 10 failed passcode attempts"

      WTF are you talking about? My iPad had this setting disabled, and somehow got into a state where it wouldn't accept the passcode while charging over lightning (thus resulting in many 'failed passcode attempts'). It eventually locked me out for an hour after multiple failed attempts, but it never erased the device. The lock-out is temporary, no data was lost.

      Oh, and backup isn't a paid service. My iPhone and iPad are both backed up to iCloud, and (combined) they're using less than 1GB of the free 5GB plan. If you really want a full backup of the phone (including the binaries of the apps), then you have to back up to a computer using iTunes, also free.

      I do wish iOS had the capability to back up directly to a NAS (with encryption) like Time Machine, but I doubt Android has that capability either.

      --
      The right to protest the State is more sacred than the State.
    2. Re:its not about security by Anonymous Coward · · Score: 0

      Android can back up to a NAS or multiple clouds with encryption; it has been able to for some time.

      https://www.titaniumtrack.com/titanium-backup.html

    3. Re:its not about security by Anonymous Coward · · Score: 0

      >>"I do wish iOS had the capability to backup directly to a NAS (with encryption) like Time Machine, but I doubt Android has that capability either."

      Use the program "Folder Sync" available from the Google Play Store...
      You can use it to back up and automatically sync any folders on your phone to a NAS device.
      It supports multiple protocols, including sftp/scp for secure uploading.

  25. How is this going to work? by shubus · · Score: 1

    I typically plug the charger into my iPhone at night for use the next day. This new feature would seem to indicate that the port will be disconnected after one hour. The question that comes to mind is how does one get a fully charged iPhone. One would hope that the software is able to determine if an "external device" is plugged in or a charger.

    1. Re: How is this going to work? by Anonymous Coward · · Score: 0

      The charging functionality and the data functionality are managed on the port separately so charging won't be impacted.

    2. Re:How is this going to work? by TheFakeTimCook · · Score: 3, Interesting

      I typically plug the charger into my iPhone at night for use the next day. This new feature would seem to indicate that the port will be disconnected after one hour. The question that comes to mind is how does one get a fully charged iPhone. One would hope that the software is able to determine if an "external device" is plugged in or a charger.

      It specifically allows charging even when the USB data path is disabled.

    3. Re:How is this going to work? by shubus · · Score: 1

      That's what I was hoping.

  26. Need to be quicker than the SOS trigger too by Immerial · · Score: 1

    It's not just 1 hour... if they see you coming and trigger the SOS mode, you're screwed. So now you have to make sure you grab them when they are separated from their phone... so when the owner is asleep and the phone is charging, or shoot the owner I guess and grab the phone quickly, or hope to get them with their hands away from their phone and say hands-up/don't move.

  27. Headphone Adapter by Anonymous Coward · · Score: 0

    So will this cause the lightning-to-3.5mm adapter to stop working after an hour?

  28. Re:How do you spot a pedo? by Anonymous Coward · · Score: 0

    Also drug lords and other assorted criminals.

  29. Re: You're being played! by Anonymous Coward · · Score: 0

    No he doesn't.