Hackers defeat USB restricted mode before Apple even launches it

June 15, 2018

Is Copilot the best AI companion out there? Help us find out by answering a couple of quick questions!

With iOS 12, Apple is working on improving the iPhone’s security features. the firm is implementing a new feature known as USB Restricted phone.

With USB restricted mode, your iPhone will reject USB connections via the lightning port should the phone not have been unlocked in the last hour via its passcode. This is especially useful given that US authorities can compel users to unlock their smartphone via biometrics, but not via passcodes.

What this means is that snoopy authorities and sneaky thieves will be unable to circumvent iPhone security simply by plugging it into a computer.

Unfortunately, Grayshift has already created a workaround to “Defeat this feature”

According to an email obtained by Motherboard:

Grayshift has gone to great lengths to future-proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on.

Apple says that it didn’t create this tool in order to confound law enforcement agencies, simply to shut down attack vectors that can be exploited by good or bad actors alike. After all, thieves don’t operate on an honor system.

“I believe [Apple] when they say it’s to make the device more secure,” Security researcher Ryan Duff said about USB restricted mode. “The attack it is preventing is one where an attacker has physical access to your device and has some means of getting access to your data from there. That is limited to people who have access to a computer you have already authorized to communicate to your phone, and people who have the ability to exploit your phone. Those are the only ways you’re going to get data off a phone by plugging it into something.”

At the very least, Apple’s security will deter petty thieves and low-level criminals. As for those with the means and reach to access Greyshift’s tools, it seems the only way to not get hacked for now is not to be targeted.

Source: Motherboard.

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}