USB Restricted Mode, a new iOS feature that protects against unauthorized access to the data on your iOS device, has a glaring omission that would make it quite easy for someone to beat in many scenarios.
The feature, introduced in iOS 11.4.1 and iOS 12 beta 2, is supposed to make the data on your iPhone safe even if someone can physically access it. One hour after the phone’s last been unlocked, it enters USB Restricted Mode, which disables data access to its Lightning port.
However, security firm ElcomSoft has discovered a way to disable the timer, and it’s ridiculously easy — you just need to plug an accessory into the iPhone’s Lightning port, and the timer is disabled.
USB Restricted Mode is designed to protect against devices such as GrayKey, a hardware device that enables an attacker to extract data from an iOS device they don’t have legitimate access to. While it doesn’t offer full protection from GrayKey, it significantly hampers any would-be attacker by limiting the time to perform an attack to one hour or less.
However, ElcomSoft says that merely plugging in nearly any device (not just ones that have previously been connected to that phone), such as Apple’s Lightning to USB 3 Camera Adapter, will disable the timer. This would give an attacker enough time to bring the device to a lab and then work on it for as much time as they’d like.
This trick works in iOS 11.4.1 and iOS 12 beta 2, both of which have the USB Restricted Mode feature, ElcomSoft claims.
According to ElcomSoft, the problem likely lies in Apple’s Lightning communication protocol — in other words, the way the iPhone “talks” to devices that are plugged into it. When you connect the iPhone to a computer, the two devices exchange cryptographic keys and establish trust. Many Lightning accessories, however, don’t have the capability to do that, so the iPhone just trusts them by default.
If this is indeed a bug and not intended behavior, it might be hard for Apple to fix it. According to ElcomSoft, a fix could render numerous Lightning accessories useless — though it might be possible to make sure the iOS device only communicates with devices that were previously plugged into it.
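To make the gap concrete, here is an added Python model of the timer policy as the article describes it. It is an illustration written for this page, not ElcomSoft's research code or Apple's implementation, and it idealizes the behaviour: the port carries data for one hour after the last unlock; an accessory attached before that deadline holds the timer off; an accessory attached after the port has already locked has no effect. The `paired_only` flag switches between the reported behaviour (any accessory counts) and the mitigation the article mentions (only accessories this device has previously trusted count). The accessory ids and timelines are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed constant: one hour, matching the timeout the article describes.
RESTRICT_AFTER = 3600  # seconds since last unlock before the Lightning port stops carrying data


@dataclass
class RestrictedModeModel:
    """Toy model of the USB Restricted Mode timer.

    Assumption: this idealizes the behaviour described in the article and is
    not Apple's code. paired_only=False models the reported behaviour (any
    accessory attached before the deadline keeps the port open);
    paired_only=True models the mitigation where only accessories this
    device previously trusted count.
    """
    paired_only: bool
    last_unlock: float = 0.0
    paired: set = field(default_factory=set)
    connected: Optional[str] = None   # id of the attached accessory, if any
    connected_at: float = 0.0

    def unlock(self, now: float) -> None:
        """User unlocks the phone: the one-hour countdown restarts."""
        self.last_unlock = now

    def pair(self, accessory_id: str) -> None:
        """Record an accessory as previously trusted by this phone."""
        self.paired.add(accessory_id)

    def connect(self, accessory_id: str, now: float) -> bool:
        """Attach an accessory. Returns True if the port still carried data at
        that moment; attaching after the port locked changes nothing (model assumption)."""
        if not self.data_port_open(now):
            return False
        self.connected, self.connected_at = accessory_id, now
        return True

    def disconnect(self) -> None:
        self.connected = None

    def data_port_open(self, now: float) -> bool:
        """Does the Lightning port still carry data at time `now`?"""
        deadline = self.last_unlock + RESTRICT_AFTER
        if now < deadline:
            return True                              # within the hour: always open
        if self.connected is None or self.connected_at >= deadline:
            return False                             # nothing held the timer off in time
        # An accessory attached before the deadline held the timer off.
        if self.paired_only:
            return self.connected in self.paired     # hardened: must be previously trusted
        return True                                  # reported behaviour: any accessory will do


def run_timelines() -> dict:
    """Walk three constructed timelines and report whether the port is still open."""
    results = {}
    # Timeline A: unlock at t=0, an unknown adapter attached at 30 min, port checked at 90 min.
    for label, paired_only in (("reported_policy", False), ("hardened_policy", True)):
        phone = RestrictedModeModel(paired_only=paired_only)
        phone.pair("owners-laptop")                  # hypothetical trusted accessory id
        phone.unlock(now=0)
        phone.connect("unknown-camera-adapter", now=30 * 60)
        results[f"{label}_unknown_accessory_keeps_port_open"] = phone.data_port_open(now=90 * 60)
    # Timeline B: same as A under the hardened policy, but the accessory was previously trusted.
    phone = RestrictedModeModel(paired_only=True)
    phone.pair("owners-laptop")
    phone.unlock(now=0)
    phone.connect("owners-laptop", now=30 * 60)
    results["hardened_policy_paired_accessory_keeps_port_open"] = phone.data_port_open(now=90 * 60)
    # Timeline C: nothing attached during the hour; an accessory arrives at 90 min, checked at 120 min.
    phone = RestrictedModeModel(paired_only=False)
    phone.unlock(now=0)
    phone.connect("unknown-camera-adapter", now=90 * 60)
    results["accessory_attached_after_lock_reopens_port"] = phone.data_port_open(now=120 * 60)
    return results


if __name__ == "__main__":
    for name, is_open in run_timelines().items():
        print(f"{name}: {is_open}")
```

Under the reported policy, Timeline A leaves the port open indefinitely, which is the scenario the article describes; under the paired-only policy the same timeline locks the port at the hour, while a previously trusted accessory (Timeline B) still works. Timeline C shows why the reported trick only matters inside the one-hour window: once the port has locked, attaching something does not reopen it in this model.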
We’ve contacted Apple for comment and will update this post when we hear from them.