All it took was to insert any accessory into the connector.
On July 9, Apple released iOS 11.4.1, which, in addition to fixing many bugs, introduced USB Restricted Mode, a restriction on the use of the Lightning connector intended to protect iPhones from passcode brute-forcing. However, ElcomSoft specialists found a way to work around the feature almost immediately after the iOS release. They described it in the company blog.
Apple's protection disables the connector's data-transfer functions if the smartphone was locked more than an hour ago; after that, Lightning can only be used to charge the device. According to the developers' idea, this was supposed to stop the special passcode-guessing devices that are often used by US police.
However, ElcomSoft found a way to bypass the system: simply insert an accessory into the Lightning port within that hour, before the connector is locked. The official Lightning-to-USB adapter, for example, is suitable.
After that, the timer is reset, and any device, including one that guesses passcodes, can be connected to the smartphone. The company's experts also tested whether USB Restricted Mode is reset when iOS is rebooted or the firmware is restored; in both cases the protection held.
We did not find an obvious way to crack the USB Restricted Mode when it’s already enabled. However, we found that iOS resets the timer if you connect an untrusted accessory to the iPhone, something that was not connected before (official accessories do not require confirmation at all). In other words, if the police got an iPhone, they just need to connect it to a compatible accessory right away to reset the lock.
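As an added illustration, and not ElcomSoft's or Apple's code, the following toy Python model replays the lock timer the way the article describes it: the reported behaviour, where attaching an accessory within the hour restarts the countdown, beside a hardened variant in which only an unlock stops it. The event names, the `run` helper and the scenario timings are assumptions made for the example.

```python
# Toy model of the USB Restricted Mode timer described above. Constructed for
# illustration only; it is not Apple's implementation.
LOCK_WINDOW_S = 60 * 60  # one hour after locking, Lightning becomes charge-only


class UsbRestrictedModel:
    def __init__(self, reset_on_accessory: bool):
        # True models the behaviour ElcomSoft reported: a newly attached
        # accessory restarts the countdown. False models the hardened variant
        # where only entering the passcode stops it.
        self.reset_on_accessory = reset_on_accessory
        self.timer_start = None  # None = unlocked, no countdown running

    def lock(self, t: float) -> None:
        self.timer_start = t

    def unlock(self, t: float) -> None:
        self.timer_start = None  # passcode entered: countdown stops

    def data_allowed(self, t: float) -> bool:
        if self.timer_start is None:
            return True
        return t - self.timer_start < LOCK_WINDOW_S

    def attach_accessory(self, t: float) -> bool:
        """Return True if a device attached at time t gets a data connection."""
        if not self.data_allowed(t):
            return False  # mode already engaged; attaching does not reopen it
        if self.reset_on_accessory:
            self.timer_start = t  # the flaw: the hour starts over
        return True


def run(events, reset_on_accessory: bool) -> bool:
    """Replay (seconds, action) events in order; return whether the device
    attached at the last 'attach' event was granted a data connection."""
    model = UsbRestrictedModel(reset_on_accessory)
    granted = False
    for t, action in events:
        if action == "lock":
            model.lock(t)
        elif action == "unlock":
            model.unlock(t)
        elif action == "attach":
            granted = model.attach_accessory(t)
    return granted


# Constructed scenario: locked at 0, adapter inserted at 50 min, a second
# device attached at 100 min, i.e. after the original hour has passed.
SCENARIO = [(0, "lock"), (50 * 60, "attach"), (100 * 60, "attach")]
```

With `reset_on_accessory=True` the second device at 100 minutes still gets a data connection; with the hardened variant it does not, and in neither variant does an accessory attached after the hour reopen the port.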
According to Afonin, this is not a very serious vulnerability, and Apple can fix it quickly. Nevertheless, even in its current form the protection can greatly complicate the life of the police: previously they had to connect the iPhone to an external battery and place it in a "Faraday cage", where it receives no signals.
USB Restricted Mode was Apple's response to the actions of US police and the FBI, which in recent years have learned to brute-force passcodes on devices while sidestepping the limits built into iOS. To this end, agencies use special devices, the best known of which is called GrayKey.