Slashdot Mirror
Apple Releases iOS 11.4.1, Blocks Passcode Cracking Tools Used By Police (theverge.com)
An anonymous reader quotes a report from The Verge: Apple today released iOS 11.4.1, and while most of us are already looking ahead to all the new stuff coming in iOS 12, this small update contains an important new security feature: USB Restricted Mode. Apple has added protections against the USB devices being used by law enforcement and private companies that connect over Lightning to crack an iPhone's passcode and evade Apple's usual encryption safeguards.
If you go to Settings and check under Face ID (or Touch ID) & Passcode, you'll see a new toggle for USB Accessories. By default, the switch is off. This means that once your iPhone or iPad has been locked for over an hour straight, iOS will no longer allow USB accessories to connect to the device -- shutting out cracking tools like GrayKey as a result. If you've got accessories that you want to continue working after your iPhone has been sitting locked for awhile, you can toggle the option on to remove the hour limit. Apple's wording is a bit confusing. You should leave the toggle disabled if you want your iPhone to be most secure.
If you go to Settings and check under Face ID (or Touch ID) & Passcode, you'll see a new toggle for USB Accessories. By default, the switch is off. This means that once your iPhone or iPad has been locked for over an hour straight, iOS will no longer allow USB accessories to connect to the device -- shutting out cracking tools like GrayKey as a result. If you've got accessories that you want to continue working after your iPhone has been sitting locked for awhile, you can toggle the option on to remove the hour limit. Apple's wording is a bit confusing. You should leave the toggle disabled if you want your iPhone to be most secure.
I feel better now that if anyone wants to access my phone, they need to ask me first. If only the carriers would stand up for us the same way.
Apple agreed to store Chinese data in China. This allows China to subpoena Apple for the data of its citizens.
But, Apple has a modus operandi to process as much data on the phone as possible, and encrypt with user-held decryption keys what it stores on its servers. They didn't generate and give China a special master key or the like. Whatever you can say about them, within the confines of the various bodies of law they operate it, they seem to push for the most privacy-focused solution to privacy challenges.
Why is this story always about iPhone?
Are Android and other mobile OS not an encryption concern for LEO?
Thanks.
It little behooves the best of us to comment on the rest of us.
What if you will be out driving and don't want the police to have access to your phone, but don't want to wait one hour after using it before leaving the house? Is there a way to bypass the one-hour wait feature and tell the phone to immediately disable the USB when you next lock the phone? People should be able to activate maximum device security whenever they please.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
Nope. You have an hour for the cop to take the logger device out of his or her pocket, crack the phone, and extract the data into a storage device, under an "exigent circumstances" exception. In the best-case scenario, they then must obtain a warrant to extract the data from the storage device and rifle through it. Either way, you can safely assume that time-limited access means that warrant requirements will get weakened to accommodate that time limit. The only limit that won't inevitably lead to the rapid erosion of our fourth amendment rights is a zero-length limit.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Law enforcement of all colors has amply demonstrated that they do not understand device security and why it is important. Hence this is good news.
Incidentally, if you let the police decide what freedoms and protection against the state people have, you end up with a police-state. These people have entirely the wrong mindset. When you remember that the primary purpose of the police is protecting the rich and powerful and fighting (slave) upraisings, this becomes much more obvious. All that "to serve and protect" crap is basically propaganda.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The NSA has no interest in criminals...
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
My concern about 11.4.1 is does it fix the horrible battery drain of 11.4? I'll update tonight, because i have nothing to lose.
Some mornings it's hardly worth chewing through the restraints to get out of bed.
Is there a way to bypass the one-hour wait feature and tell the phone to immediately disable the USB
There is already the button press combo to force a passcode be required to unlock vs. a fingerprint or FaceID, I imagine that would also trigger the USB lock.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Let's see them try to break into my voice/SMS-only 2G bar-phone with their fancy gear! Bahahah!
But seriously, this might mean that lawmakers will be more predisposed to drop the need for a search warrant in respect to searching someone's phone. It would be much easier to lobby that the need for a warrant could now significantly hamper investigations because of the short window of opportunity.
So don't look too smug, Apple may have shot you all in the foot.
Now. I really gotta wonder about this one though. They are actively trying to put a stop to law enforcement gaining access to devices they have confiscated? Who does this? Why would someone do this? It's one thing to make a product very secure and shrug when LE finds a way around it to get evidence, but it's an entirely another thing when one sees what LEO is doing to break into devices and FIXING IT!
The problem with this logic is assuming that US law enforcement are the only ones trying to break into locked phones. Apple sells more phones around the world than they do in the US. It could be oppressive nation-states looking to punish citizens who oppose them, or criminals looking to steal peoples' identity, money, etc.
- Vincit qui patitur.
Settings > Face ID & Passcode > Erase Data [toggle]
Description: "Erase all data on this iPhone after 10 failed passcode attempts"
WTF are you talking about? My iPad had this setting disabled, and somehow got into a state where it wouldn't accept the passcode while charging over lightning (thus resulting in many 'failed passcode attempts'). It eventually locked me out for an hour after multiple failed attempts, but it never erased the device. The lock-out is temporary, no data was lost.
Oh, and backup isn't a paid service. My iPhone and iPad are both backed up to iCloud, and (combined) they're using less than 1GB of the free 5GB plan. If you really want a full backup of the phone (including the binaries of the apps), then you have to backup to a computer using iTunes, also free.
I do wish iOS had the capability to backup directly to a NAS (with encryption) like Time Machine, but I doubt Android has that capability either.
The right to protest the State is more sacred than the State.
I typically plug the charger into my iPhone at night for use the next day. This new feature would seem to indicate that the port will be disconnected after one hour. The question that comes to mind is how does one get a full charged iPhone. One would hope that the software is able to determine if an "external device" is plugged in or a charger.
It specifically allows charging even when the USB data path is disabled.