The fight between Apple and the FBI continues…
Apple has had a long-time adversary when it comes to invasion of privacy, namely, local, state, and even federal governments. The tech giant was at one time embroiled in a lengthy, expensive legal battle over breaking into a user’s iPhone, specifically the shooter in the San Bernardino, California, attack on a public office event. In that instance, the shooter’s work-issued iPhone was retrieved in tact, and the FBI sought Apple’s assistance in cracking the passcode.
Apple famously refused, not only due to the fact that they had no way to do it (a judge sided with the FBI and demanded that Apple create the technology to break into a phone at law enforcement’s request), but also because the company fields legal requests every single day to unlock a suspect’s device. The company stated that it would not create such a “back door” because then there would be no rein over who, when, or how it was used.
Now, the company has gone a step farther in protecting the public from invasion of privacy, whether it be hackers or law enforcement. With a setting called USB Restricted Mode, the phone locks itself after one hour to prevent someone with a lightning cable from plugging it into a computer and cracking the passcode with available tools.
Unfortunately, a post from security researchers at ElcomSoft shows that this restricted mode can be undone with a device that costs less than a fancy case for the phone. Apple’s built-in security feature is supposed to require the user to unlock the phone if it’s plugged into another source, but that’s not the case for all accessories.
“What we discovered is that iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before (well, in fact the accessories do not require pairing at all). In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.”
It’s worth noting that the US Supreme Court has already ruled that law enforcement cannot search a suspect’s phone without a warrant, but that has not stopped some officials from opening a phone or using the threat of searching it for coercion. Now that this finding has been made public, Apple can set about taking action to close the vulnerability.