Today, Apple released iOS 11.4.1, which comes with a new software mechanism called USB Restricted Mode that blocks the passcode-cracking tools favored by law enforcement. The feature makes the iPhone inaccessible to third-party software of any kind once the screen has been locked for one hour. That way, neither malicious third parties nor law enforcement agencies can break into the phone using passcode-cracking tools such as GrayKey.
However, a researcher at cybersecurity firm ElcomSoft has found a loophole that resets the one-hour counter as long as the user plugs a USB accessory directly into the iPhone’s Lightning port, regardless of whether the phone has ever been connected to that accessory in the past.
ElcomSoft cybersecurity researcher Oleg Afonin explained the situation:
In a blog post, ElcomSoft said that it performed many different tests and confirmed that USB Restricted Mode is maintained through reboots and persists through software restores via Recovery mode. In other words, the company has found no obvious way to break USB Restricted Mode once it is engaged.
“What we discovered is that iOS will reset the USB Restricted Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before.”
Afonin also explained that you could even use Apple’s Lightning to USB 3 Camera Adapter, which goes for only $39 on the company’s official online store. ElcomSoft is in the process of testing other adapters, including cheap third-party ones, to see which will reset the counter.
It appears to be not so much a severe vulnerability as simply a mistake on Apple’s part. Afonin said as much, calling it perhaps nothing more than an oversight. Even so, it does mean that law enforcement, if they choose to and feel that going through the effort is worthwhile, can easily design systems to bypass the tool as it is implemented today and continue using cracking tools like GrayKey.
Afonin concluded that, with the release of iOS 11.4.1, the procedure for properly seizing and transporting iPhone devices might be altered to include a compatible Lightning accessory. Prior to iOS 11.4.1, isolating the iPhone inside a Faraday bag and connecting it to a battery pack would be adequate to transport it securely to the lab.