Apple Rolls Out Password Cracking Defense, With One Major Flaw

Apple Rolls Out Password Cracking Defense, With One Major Flaw

Apple has rolled out a new version of iOS that seeks to block the passcode cracking tools favored by law enforcement and governments. After looking at the problem, Apple opted for what seemed like a foolproof solution: USB Restricted Mode. This feature blocks all USB access to a locked phone. But security researchers note that it’s trivially easy to block that lockout with Apple’s own accessories.

This change to iOS was spurred by the prevalence of devices like the GrayKey from a company called Grayshift. This unassuming little box can inject code into a locked iPhone that churns for a few hours or days before displaying the device’s passcode. Police around the world have happily dropped serious cash for GrayKey boxes. The company charges $15,000 for GrayKey boxes with a limit of 300 unlocks, and $30,000 for one with unlimited unlocks.

USB Restricted Mode on iPhones now shuts off all USB access after a phone has been locked for about an hour. If the attacker can’t inject code into the phone, it doesn’t matter what exploits exist. This seems like a perfect solution, but security researchers from ElcomSoft have pointed out a significant shortcoming.

After testing the latest build of iOS (11.4.1), researchers report that USB Restricted Mode does indeed persist across reboots and software restores. However, it is possible to prevent the phone from going into Restricted Mode at all as long as you’ve got a Lightning USB accessory to plug in. Even some of Apple’s own accessories will do the trick.

A GrayKey box for unlocking Apple mobile devices.
A GrayKey box for unlocking Apple mobile devices.

According to ElcomSoft’s Oleg Afonin, connecting certain Lightning accessories will reset the one-hour countdown, allowing law enforcement to prevent the device from being locked down indefinitely. The $9 Lightning-to-audio-jack adapter doesn’t work, but Apple’s Lightning-to-USB-3.0 adapter does. The adapter doesn’t even need to be “trusted” or previously paired with the phone to reset the timer. This means law enforcement could even design a custom USB accessory that continuously resets the counter to keep a phone vulnerable.

If the countdown expires, USB Restricted Mode is still a good defense against hacks. The researchers suspect this is a bug in iOS, so Apple could fix it with another update. This security feature will still compromise the usefulness of the GrayKey and similar devices. It’s common for phones seized by police to be off or sitting unused for more than an hour.

Continue reading

The Xbox Series S Is Handicapped by Its Storage Capacity
The Xbox Series S Is Handicapped by Its Storage Capacity

The Xbox Series S has been favorably received, for the most part, but the console's low base storage makes the Xbox Series X a better value for a lot of people.

In Massive Shift, Apple Announces New Macs With ARM-Based M1 Chip
In Massive Shift, Apple Announces New Macs With ARM-Based M1 Chip

Apple saw huge success the last time it switched architectures to Intel, but this time? The jury's still out, but one thing is certain: Apple is about to make a lot more money.

Apple’s New M1 SoC Looks Great, Is Not Faster Than 98 Percent of PC Laptops
Apple’s New M1 SoC Looks Great, Is Not Faster Than 98 Percent of PC Laptops

Apple's new M1 silicon really looks amazing, but it isn't faster than 98 percent of the PCs sold last year, despite what the company claims.

What Does It Mean for the PC Market If Apple Makes the Fastest CPU?
What Does It Mean for the PC Market If Apple Makes the Fastest CPU?

Apple's M1 SoC could have a profound impact on the PC market. After 25 years, x86 may no longer be the highest-performing CPU architecture you can practically buy.