Apple Releases iOS 11.4.1, Blocks Passcode Cracking Tools Used By Police

An anonymous reader quotes a report from The Verge: Apple today released iOS 11.4.1, and while most of us are already looking ahead to all the new stuff coming in iOS 12, this small update contains an important new security feature: USB Restricted Mode. Apple has added protections against the USB devices being used by law enforcement and private companies that connect over Lightning to crack an iPhone's passcode and evade Apple's usual encryption safeguards.

If you go to Settings and check under Face ID (or Touch ID) & Passcode, you'll see a new toggle for USB Accessories. By default, the switch is off. This means that once your iPhone or iPad has been locked for over an hour straight, iOS will no longer allow USB accessories to connect to the device -- shutting out cracking tools like GrayKey as a result. If you've got accessories that you want to continue working after your iPhone has been sitting locked for awhile, you can toggle the option on to remove the hour limit. Apple's wording is a bit confusing. You should leave the toggle disabled if you want your iPhone to be most secure.

Thanks

[saloomy]

I feel better now that if anyone wants to access my phone, they need to ask me first. If only the carriers would stand up for us the same way.

Re:Thanks

[saloomy]

Note: I realize there are probably other vulnerabilities out there, and this will probably be a never-ending game of chess between law enforcement / authoritarian governments, and big tech. It is just great to see them pushing back against George Orwell's 1984.

Re:Thanks

[dgatwood]

It already exists. It's called "crack open the phone immediately". I'd be a lot more impressed with this technology if the user could configure the time all the way down to zero. There's no valid reason to allow new external devices to be probed while the phone is locked—not even one second after the phone is locked. The user can't do anything with those external devices without unlocking the device anyway.

This is, of course, as opposed to communicating with existing, known devices while the device is locked, which could be used by things like docks. Basically, it should stop probing for new devices immediately, and lock the port when the last device disappears, or immediately if there's nothing plugged into the port.

Re:Warrant

[dgatwood]

So you have an hour to get the phone to the lab and have the warrant in hand before cracking it.

Nope. You have an hour for the cop to take the logger device out of his or her pocket, crack the phone, and extract the data into a storage device, under an "exigent circumstances" exception. In the best-case scenario, they then must obtain a warrant to extract the data from the storage device and rifle through it. Either way, you can safely assume that time-limited access means that warrant requirements will get weakened to accommodate that time limit. The only limit that won't inevitably lead to the rapid erosion of our fourth amendment rights is a zero-length limit.

Re:You're being played!

[gweihir]

The NSA has no interest in criminals...

Re:Crime by design?

[Arkham]

Now. I really gotta wonder about this one though. They are actively trying to put a stop to law enforcement gaining access to devices they have confiscated? Who does this? Why would someone do this? It's one thing to make a product very secure and shrug when LE finds a way around it to get evidence, but it's an entirely another thing when one sees what LEO is doing to break into devices and FIXING IT!

The problem with this logic is assuming that US law enforcement are the only ones trying to break into locked phones. Apple sells more phones around the world than they do in the US. It could be oppressive nation-states looking to punish citizens who oppose them, or criminals looking to steal peoples' identity, money, etc.

Re:Serious question:

[hankwang]

The flash device is encrypted using a random-generated (strong) key that's stored on the phone but not on the flash device; the key itself is not derived from the PIN; instead, the key can be accessed only using the PIN . The secure subsystem will not allow brute-forcing the PIN, deleting the decryption key after too many attempts. So downloading the flash device will give you a lot of random numbers, at most telling you how much of the flash storage was in use. (Are you sure that you don't need to unlock the bootloader first? Unlockimg it will also result in a factory reset and erasing of the decryption key).

It's possible that some manufacturers don't have the secure subsystem (some Samsung devices on Android 4 required a long alphanumeric screen unlock code if device encryption was on, wtf?) but I would be surprised if this is the case for Nexus 5 and later.

Maybe Swillden, our local Android security expert, will chime in.