The Most Comprehensive Data Protection Solution
Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.
First and Only Solution to Converge:
- Data Loss Prevention
- Endpoint Detection and Response
- User and Entity Behavior Analytics
Apple is testing a new feature in iOS, USB Restricted mode, that could give users an extra layer of security and make it more challenging for companies who make unlocking tools to extract data from phones.
A couple years ago, Apple got into a nasty public disagreement with the FBI over whether the company could or should help the agency unlock an iPhone used by a terrorist. You may have read something about it. I believe it was in the papers. Since then, there have been a series of discussions in Washington and Silicon Valley about the proliferation of strong encryption, the effects of that on user privacy and law enforcement investigations, and what role tech companies should play in all of this.
A lot of those discussions have centered on potential methods that vendors could employ to grant access to encrypted devices once they’re seized by law enforcement. All kinds of ideas have cropped up, almost all of which have been some variation on a backdoor or a key escrow scheme or both. Those ideas generally are dismissed out of hand by cryptographers and civil liberties groups, and vendors such as Google and Apple don’t even both responding to them any longer. There’s not much left to say.
As the noise has continued to build around backdoors and Going Dark™, Apple has gone about the business of adding new security and privacy features to iOS. Right now, the company is testing a feature that could take the debate to an absurd new level. The feature is known as USB Restricted Mode and Apple has had it in a couple of recent beta releases, but it has yet to make it into a production version of iOS. When it’s enabled, USB Restricted Mode prevents any USB accessories from working when connected through an iPhone’s Lightning port unless the phone has been unlocked within the last 60 minutes.
8 Tips for Securing Your Mobile Device
The feature did not appear in iOS 11.4, which was released June 5, but it has been seen in the latest beta, version 11.4.1. Researchers at Elcomsoft, who have looked at the USB Restricted Mode functionality in 11.4.1, said that when it is enabled “there is zero data communicated over the USB port once this feature kicks in. iTunes does not see the device at all; no “unlock this device to access” and no pairing request. The iPhone just charges off the computer’s USB port, transmitting no information.”
In simple security terms, this functionality is a major win for users. If a user loses physical possession of her phone, a thief only has a few minutes to connect the device to a computer or or other device to try and offload data or erase the phone. That’s a nice extra level of protection. But the feature also could have serious consequences for law enforcement agencies, which rely on specialized forensic tools to extract data from locked iPhones in certain cases. There are a couple of companies that sell devices specifically for this purpose, Cellebrite and Grayshift, and they rely on private techniques to unlock iPhones.
The devices connect to a target phone through the Lightning port, so if a locked iPhone with USB Restricted Mode enabled isn’t connected within an hour, it’s game over. At least for now. Since the first iPhone came out in 2007, Apple has been playing defense against attackers, researchers, and the jailbreaking community, working to fix vulnerabilities and block known attack vectors. There have been dozens of moves and countermoves in the game over the years and Apple has committed a tremendous amount of resources to hardening both iOS and the iPhone hardware. The addition of USB Restricted Mode shows again that Apple is continuing to push into new areas and looking for new ways to protect iPhones and the data stored on them.