By disabling the Lightning connector after seven days

May 8, 2018 21:57 GMT

In a recent report, ElcomSoft, a Russia-based maker of password and system recovery software, detailed a new feature that's coming soon to Apple's iOS mobile operating system, along with its impact on forensics.

iOS 11.4 is the next version of Apple's mobile operating system for iPhone, iPad, and iPod touch devices, and while it's currently under development, some of us are aware of the new features it will integrate. One of these new features is called USB Restricted Mode, and it was first spotted during the development cycle of iOS 11.3.

For some reason unknown to us, Apple decided to drop USB Restricted Mode from the final iOS 11.3, but it's present again in the latest iOS 11.4 beta release. The feature is designed to improve the security of your iPhone or iPad by asking you to connect an accessory via the Lightning connector when the device is locked.

If you don't want to or can't connect a USB accessory via the Lightning connector, the USB Restricted Mode feature will automatically disable USB data connections on the Lightning port, allowing only charging capabilities to function. As such, users will have to enter the device's passcode at least once a week.

Law enforcement agencies will have a hard time hacking iPhones

If you've been reading the news lately, you probably know about an iPhone hacking device called the GrayKey box that's being widely adopted by law enforcement agencies. The device is capable of unlocking a 4-digit passcode on an iPhone device in anywhere from a few minutes to a few hours.

Of course, more complex passcodes take more time to hack. For example, six-digit passcodes, which are now standard on iPhone devices, could take up to three days or longer to crack. For a 10-digit code, GrayKey would need no less than 12 years or 4629 days to unlock an iPhone.

Apple has always been against law enforcement agencies forcibly unlocking iPhone devices, which, in some cases, may help with their investigations, so with the new USB Restricted Mode feature, the Cupertino, California-based company will make it harder for them to use a GrayKey box for any iPhone cracking.

"Law enforcement will have at most 7 days from the time the device was last unlocked to perform the extraction using any known forensic techniques, be it logical acquisition or passcode recovery via GreyKey or other services," said ElcomSoft. "Even the 7 days are not a given, since the exact date and time the device was last unlocked may not be known."

According to ElcomSoft, the new USB Restricted Mode feature in iOS 11.4 is designed specifically to prevent law enforcement agencies and companies like Cellebrite and Grayshift from cracking iPhone devices that have been stored for seven consecutive days without being paired to a computer, connected to a USB accessory via the Lightning connector, or unlocked.

But this is all in theory for now, as iOS 11.4 isn't here yet and most iPhone devices out there are still using a previous iOS release that doesn't feature USB Restricted Mode. Check out ElcomSoft's in-depth report to see how USB Restricted Mode works and what possible mitigations there are to bypass it in an attempt to hack a locked iPhone.
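The seven-day rule described above can be modelled as a timer that restarts on each unlock, pairing or accessory connection. The following is an added example, not Apple's or ElcomSoft's code: the event labels, the sample log and the guess rate are constructed assumptions, and it shows how an owner or security team could bound the USB data exposure of a lost device when the last unlock time is only known approximately.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=7)  # inactivity period stated in the article
# Events the article says keep USB data alive (labels are constructed).
RESET_EVENTS = {"unlock", "paired_to_computer", "accessory_connected"}

def usb_data_cutoff(events):
    """When the port turns charge-only: 7 days after the last reset event."""
    resets = [ts for ts, kind in events if kind in RESET_EVENTS]
    if not resets:
        raise ValueError("log has no unlock, pairing or accessory event")
    return max(resets) + WINDOW

def port_mode(events, now):
    """Port state at `now` under the article's description."""
    return "charge-only" if now >= usb_data_cutoff(events) else "data+charge"

def exposure_window(reset_earliest, reset_latest, lost_at):
    """Lower and upper bound on the time USB data stays usable after
    `lost_at`, when the last reset is only known to lie in an interval."""
    def left(reset):
        return max(timedelta(0), reset + WINDOW - lost_at)
    return left(reset_earliest), left(reset_latest)

def keyspace_fraction(digits, window, guesses_per_second):
    """Share of all numeric passcodes of this length that an exhaustive
    search covers within `window` at a hypothetical guess rate."""
    tried = window.total_seconds() * guesses_per_second
    return min(1.0, tried / 10 ** digits)

if __name__ == "__main__":
    # Constructed sample log: (timestamp, event label).
    log = [
        (datetime(2018, 5, 1, 9, 0), "unlock"),
        (datetime(2018, 5, 2, 18, 30), "accessory_connected"),
        (datetime(2018, 5, 3, 8, 0), "charging_only"),  # does not reset
    ]
    print("cutoff:", usb_data_cutoff(log))
    print("mode on May 10:", port_mode(log, datetime(2018, 5, 10)))
    lo, hi = exposure_window(datetime(2018, 5, 1), datetime(2018, 5, 3),
                             datetime(2018, 5, 8, 12))
    print("exposure after loss: between", lo, "and", hi)
    for digits in (4, 6, 10):
        # 1.0 guess/s is an assumed rate, not a figure from the article.
        print(digits, "digits:", keyspace_fraction(digits, hi, 1.0))
```

The lower bound is the one to plan around: if the last unlock may have been a week before the loss, the port may already be charge-only, which matches ElcomSoft's remark that even the seven days are not a given.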