Apple’s USB Restricted Mode: how to use your iPhone’s latest security feature

Apple quietly introduced a significant privacy safeguard as
part of the new iOS 11.4.1 update that was released on July
9th. USB Restricted Mode prevents USB accessories that plug
into the Lightning port from making data connections with an
iPhone, iPad, or iPod Touch if your iOS device has been locked
for over an hour. This seemingly small change goes a long way
in blocking tools used by law enforcement to crack passcodes
and circumvent Apple’s encryption and built-in measures
designed to shield sensitive user data.

What is USB Restricted Mode?

Apple describes it as a new “security protection” that’s
introduced as part of iOS 11.4.1. The company hasn’t said as
much, but it’s believed that USB Restricted Mode is Apple’s
effort to combat devices like GrayKey that are specially
designed to help law enforcement crack an iOS device’s passcode
and retrieve data that would normally be guarded by encryption.
iOS has built-in security features that prevent constant
passcode guesses — such as when it locks down your device after
several incorrect attempts. But companies have seemingly found
a way of avoiding those safeguards via USB and the Lightning
port. Now, Apple is trying to eliminate this method of gaining
entry to a recovered or confiscated device.

USB Restricted Mode works like this: after an hour of your
iPhone, iPad, or iPod Touch sitting without being unlocked, iOS
will basically cut off the Lightning port and limit it to
charging only. This hour timeout should theoretically stop
devices like GrayKey (which plugs into an iPhone and cracks the
passcode within a few hours) from working successfully.

“If you don’t first unlock your password-protected iOS device —
or you haven’t unlocked and connected it to a USB accessory
within the past hour — your iOS device won’t communicate with
the accessory or computer, and in some cases, it might not
charge,” reads Apple’s
support page
on the security feature.


USB Restricted Mode is active
when the “USB Accessories” toggle is disabled / on the
left.

USB Restricted Mode is enabled by default after the
update

Once you’ve installed iOS 11.4.1, Apple automatically turns on
USB Restricted Mode right away. So you’ll need to unlock your
iPhone or iPad to connect a USB accessory and get it working.
After that — for as long as it’s attached — the accessory will
remain connected and operational even if your iOS device is
locked again.

Accessories might not be able to charge your iPhone
unless you unlock it first

Apple notes that when a USB accessory is blocked from
connecting to your iPhone, charging might also be prevented as
a result. iOS devices will charge normally when
connected to a USB power adapter
, but if you plug in a
gadget that normally delivers power over USB, you might have to
unlock your iPhone or iPad first before things work (and
charge) like normal. This is going to vary from accessory to
accessory.

It’s easy to turn off USB Restricted Mode

If you’re not concerned about someone potentially breaking
their way into your iOS device, you can disable the new
security measure immediately. Just go to Settings —> Face ID
(or Touch ID) & Passcode —> USB Accessories. Toggle this
option to on (green) and your accessories will function the
exact same way they did before iOS 11.4.1.

Apple says this might be a good idea for people who use
assistive devices with their iPhone, iPad, or iPod Touch. “Many
assistive devices will automatically turn on the setting to
allow USB devices the first time they’re connected,” the
company says. But if that doesn’t happen, disabling USB
Restricted Mode just takes a quick visit to the Settings menu.

USB Restricted Mode isn’t foolproof

Soon after the feature’s release,
it was reported by ElcomSoft
that plugging in a
USB accessory like Apple’s own iOS camera adapter before
USB Restricted Mode is activated
is enough to reset the
60-minute clock and prevent your iPhone from locking down its
Lightning port. This is a workaround that Apple will likely
patch sooner than later.

Leave a Reply

Your email address will not be published. Required fields are marked *