advertisement
Forums

The Forum is sponsored by 
 

AAPL stock: Click Here

You are currently viewing the Tips and Deals forum
Well that didn't take long: iPhone unlock hack for 11.4.1 and 12 beta
Posted by: Speedy
Date: July 12, 2018 04:03AM
[www.idropnews.com]

"Apple this week released iOS 11.4.1, an incremental software update that contained a feature to thwart iPhone hacking measures. But, unfortunately, security researchers have already found a way to bypass that feature, which is dubbed USB Restricted Mode.

First, some background. USB Restricted Mode is essentially a software capability that disables data access via Lightning port after a certain amount of time if it isn’t unlocked periodically.

If a device is left locked or disconnected from a trusted USB device for exactly one hour, USB Restricted Mode will kick in — rendering iPhone hacking tools like GrayKey relatively useless. That security measure persists through reboots and even full software restoration processes.

That was a good move on Apple’s part to protect the privacy and security of its consumers. While GrayKey is reportedly only used by law enforcement currently, it’s completely possible for a device to fall into the wrong hands.

But security researchers at Elcomsoft, which first spotted the feature in an iOS 11.4 beta, have reportedly found a workaround.

Apparently, iOS will reset the one-hour USB Restricted Mode timer if a device is plugged into a certain untrusted USB accessory. While a Lightning to 3.5mm adapter doesn’t work, a ~$39 Lightning to USB camera adapter will.

As such, Elcomsoft researcher Oleg Afonin said that law enforcement or forensic procedures for seizing and transporting iPhones might now include a Lightning accessory. Before, a Faraday bag and a battery pack would suffice.

Afonin did point out that it isn’t necessarily a severe vulnerability. In fact, Afonin said it’s most likely “nothing more than an oversight” on Apple’s part. The researcher noted that the workaround seems to work on iOS 11.4.1 and the second iOS 12 beta.

Of course, it’s incredibly likely that Apple will patch this going forward. But it’s also as likely that security researchers and entities like Grayshift will continue to search for exploits and vulnerabilities to take advantage of.

In other words, expect a back-and-forth struggle as Apple and hackers move to outfox each other in the future.

If you’re concerned about third-parties accessing the data on your device, your best bet is to use a strong, alphanumerical passcode. The longer and more complex the passcode, the longer devices like GrayKey will take to crack them."



Saint Cloud, Minnesota, where the weather is wonderful even when it isn't.
Options:  Reply • Quote
Re: Well that didn't take long: iPhone unlock hack for 11.4.1 and 12 beta
Posted by: macphanatic
Date: July 12, 2018 06:11AM
Why can't Apple set the restricted mode up so that after so many fast attempts to enter a password, the device erases itself? They know that no one can enter multiple passwords/codes as rapidly as the GrayKey. The iOS device should be able to acknowledge the speed at which codes are being entered. After a given time period and number of entries, the device could either stop accepting codes for a while or just erase. Or it could require a second, completely different code in combination with the primary to unlock.
Options:  Reply • Quote
Re: Well that didn't take long: iPhone unlock hack for 11.4.1 and 12 beta
Posted by: space-time
Date: July 14, 2018 07:14AM
Quote
macphanatic
Why can't Apple set the restricted mode up so that after so many fast attempts to enter a password, the device erases itself? ...

that is possible, my company has a security profile and after 10 attempts, the phone erases itself.
Options:  Reply • Quote
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 263
Record Number of Users: 52 on November 20, 2014
Record Number of Guests: 2330 on October 25, 2018