Cupertino readies new security feature for iPhones

Jun 5, 2018 11:18 GMT  ·  By

Apple has been dreaming about building an unhackable iPhone since forever, but plans to bring such a device to the market gained faster pace in late 2015 following the San Bernardino terrorist attacks.

At that point, the FBI requested Apple to unlock the iPhone used by one of the shooters, as it was believed that the device was holding evidence critical for the investigation. The company refused to help, despite a court order in this regard, and the FBI eventually managed to break into the phone using help from a third-party company in exchange for $1 million.

Apple not only that rejected the proposal for hacking the iPhone, but it also accelerated work on a possible model that would be impossible to break even by the company itself. This hasn’t stopped the FBI from seeking backdoors embedded into smartphones, a request that most tech companies quickly rejected on every single occasion.

In the meantime, however, FBI’s efforts to crack any iPhone open gained the support of other third-party groups that managed to find a way to extract information stored on Apple devices even when protected by passwords.

This device, known as GrayKey, could crack pretty much any iPhone model regardless of the iOS version running on it, and it’s all possible due to vulnerabilities that Apple isn’t aware of. While these security flaws are harder to find and patch by Apple, rolling out updates to address them is only a temporary solution, as more further hacks could be developed and exploited by the same device.

GrayKey unlocks iPhones using a direct cable connection via the Lightning port and uses a brute force method to crack the password, then being able to extract all the information stored on the device.

Apple has found pretty much the easiest way not only to fix the exploited vulnerability without actually knowing it, but also to prevent similar exploits in the future.

Enter iOS 12.

iOS 12 will introduce a new feature that blocks USB connections when the device hasn’t been unlocked for more than an hour. This means that if someone steals your iPhone and wants to access the stored data, they have just 60 minutes to connect it to GrayKey and hack the device.

This is pretty much impossible with a decent password because the more complex the unlock code gets, the more time GrayKey needs to crack the device open. If it needs more than one hour to complete the process, the iPhone is locked down automatically and closes the USB connection, making GrayKey useless.

This method has been one of the few, if not the only effective method to unlock an iPhone, and while vulnerabilities come and go, as they are patched by Apple, with this update the company makes a huge step towards building an unhackable smartphone.

Needless to say, third parties and the FBI itself will continue to look into methods to hack iPhones, but even though new ways will probably be discovered, all would have to either be faster than 60 minutes or work without a USB connection.

The only thing that Apple has to do from now on is to deliver security updates in a timely manner, and thus ensure that even if vulnerabilities in its software are discovered, users wouldn’t be exposed.

iOS 12 is projected to be released to users in September this year when Apple will also roll out new iPhone models, and there’s a good chance that further security improvements would be rolled out as well. Time will tell how much time hackers would need to find new iPhone hacks, but for the time being, the dream of an unhackable iPhone is one step closer to coming true.