A new version of iOS will block a controversial loophole that law enforcement agencies have leveraged in order to crack into locked iPhones. In an upcoming version of iOS (likely iOS 12), Apple will include a feature known as USB Restricted Mode, which limits access to a locked iPhone through its USB port.
The feature previously appeared in the iOS 11.3 beta, making its way into the iOS 12 beta; now the company has confirmed the security patch will make it into a final iOS release. With USB Restricted Mode, an iPhone’s Lightning port will lock one hour after the phone is locked. In that mode, which will be the default, only charging will be possible through the port after the initial one hour period has expired.
“We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data,” Apple told TechCrunch in an emailed statement.
“We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.”
That solution should thwart iPhone-cracking devices like those made by GrayShift and Cellebrite. Such devices, particularly GrayShift’s GrayKey, which promises to unlock even new iPhone models, use the USB port to access a locked iPhone in order to crack its password using more attempts than would normally be allowed. That process can take anywhere from two hours to more than three days, depending on the length of the iPhone’s password.
Federal agencies — including the FBI, DEA, State Department, Secret Service and at least five states — already have the GrayKey device or are in the process of obtaining it.
The FBI’s third-party solution to iPhone cracking became a lightning rod in the clash between the agency and Apple in the aftermath of 2016’s San Bernardino mass shooting, with Apple pressing the FBI for details on the security vulnerability and the FBI playing its tools close to its chest.
As Apple moves to neutralize GrayKey and similar devices, anyone looking to crack into the company’s famously secure iPhone is going to need to try a new tack — and maybe figure out what to do with their now defunct $15,000 or $30,000 hacker toy in the process.