On the day of its official release, technology security gurus are raising a red flag over Apple's new security feature, USB Restricted Mode. This seems like a flawless solution, but security researchers from ElcomSoft have pointed out a significant shortcoming. The feature works as follows: once an hour has elapsed without the iPhone or iPad being unlocked with a passcode, the Lightning port stops allowing any data transfer over USB. The restriction persists through reboots and even while trying to restore an iPhone using a firmware file via Recovery mode.
USB Restricted Mode was created to thwart iPhone-cracking tools that work by connecting to the device's Lightning port. This appears to be an oversight on Apple's part, which would allow authorities to gain access to iPhones by resetting USB Restricted Mode.
However, if the device is connected to a Lightning accessory, including one that has never been connected before, the one-hour countdown timer that initiates USB Restricted Mode will be reset. iOS will reset the countdown timer if one immediately connects the iPhone to a compatible USB accessory. "Prior to iOS 11.4.1, isolating the iPhone inside a Faraday bag and connecting it to a battery pack would be enough to safely transport it to the lab," Afonin concludes. Many Lightning accessories, however, don't have the capability to do that, so the iPhone just trusts them by default. While iOS 11.4.1 is likely the final update before iOS 12, this bug could force Apple to push out 11.4.2 quickly. However, we discovered a workaround, which happens to work exactly as we suggested back in May.
"What are the chances that the device is seized within an hour after last unlock?"
Now, Apple should be testing iOS 12, watchOS 5, and tvOS 12 exclusively, as you shouldn't expect to see any more iOS 11 updates.
Apple also today released security updates for. Security is always a moving target - we'll have to see how the iOS cracking industry responds to Apple's latest defences.
Of course, the exploit requires that the attacker gain physical access to the phone within one hour of the last time it was unlocked, but according to Afonin, this is not much of a problem.