iOS 11.4.1's New Passcode Cracking Prevention Feature Can Be Bypassed: ElcomSoft

  • Researchers have discovered a loophole in USB Restricted Mode
  • The new mode comes through a USB Accessories toggle on iOS 11.4.1
  • An untrusted USB accessory can reset the one-hour counter

While iOS 11.4.1 has just arrived with a USB Accessories toggle meant to restrict access for passcode cracking tools, researchers now claim that they have discovered a bug in the new feature. The bug is alleged to reset the one-hour counter introduced in the latest iOS update as long as a USB accessory is connected to the iOS device before the toggle triggers the lock. Interestingly, as per the researchers, authorities and private companies don't need any specific USB accessory to reset the counter. The researchers found that the counter can be reset using Apple's own Lightning to USB 3 Camera Adapter, which is available at $39 (roughly Rs. 2,700). The toggle was notably first seen as 'USB Restricted Mode' in the developer preview betas of iOS 12 and iOS 11.4.1 last month.

The team of researchers at ElcomSoft has reiterated that once USB Restricted Mode is enabled, it restricts all data communications that occur over the Lightning port. This means that if you haven't turned the USB Accessories toggle on, and it has been more than an hour since your Apple device was locked, a USB accessory won't be able to communicate with your device. However, as Oleg Afonin of ElcomSoft has highlighted, the feature is of no use if a USB accessory is already connected to your hardware, as this prevents the USB Restricted Mode lock from turning on after the one-hour timer. The reset works even with an untrusted USB accessory, one that has never been paired with the device before. "What we discovered is that iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before (well, in fact, the accessories do not require pairing at all). In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour," Afonin writes in a blog post while explaining the loophole.

The researchers observed that the lock is not affected by Apple's Lightning to 3.5mm jack adapter, though the one-hour countdown was reset through the official Lightning to USB 3 Camera Adapter. "According to our tests, this effectively disables USB Restricted Mode countdown timer, and allows safely transporting the seized device to the lab," claims Afonin. The researcher also underlined that with the release of iOS 11.4.1, the procedure of "properly seizing and transporting" an iPhone could include a compatible Lightning accessory. "Prior to iOS 11.4.1, isolating the iPhone inside a Faraday bag and connecting it to a battery pack would be enough to safely transport it to the lab," he concludes.

While Apple might fix the flaw in the next iOS 11.4 release or in iOS 12, Afonin doesn't consider it a severe vulnerability and calls it an "oversight." However, this doesn't mean that USB connectivity with an Apple device is entirely safe. Law enforcement and private companies could leverage the loophole and design new hardware to continue to crack passcodes through the Lightning port.


Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a senior reporter for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13.