Apple Rolls Out Password Cracking Defense, With One Major Flaw

Apple Rolls Out Password Cracking Defense, With One Major Flaw

Apple has rolled out a new version of iOS that seeks to block the passcode cracking tools favored by law enforcement and governments. After looking at the problem, Apple opted for what seemed like a foolproof solution: USB Restricted Mode. This feature blocks all USB access to a locked phone. But security researchers note that it’s trivially easy to block that lockout with Apple’s own accessories.

This change to iOS was spurred by the prevalence of devices like the GrayKey from a company called Grayshift. This unassuming little box can inject code into a locked iPhone that churns for a few hours or days before displaying the device’s passcode. Police around the world have happily dropped serious cash for GrayKey boxes. The company charges $15,000 for GrayKey boxes with a limit of 300 unlocks, and $30,000 for one with unlimited unlocks.

USB Restricted Mode on iPhones now shuts off all USB access after a phone has been locked for about an hour. If the attacker can’t inject code into the phone, it doesn’t matter what exploits exist. This seems like a perfect solution, but security researchers from ElcomSoft have pointed out a significant shortcoming.

After testing the latest build of iOS (11.4.1), researchers report that USB Restricted Mode does indeed persist across reboots and software restores. However, it is possible to prevent the phone from going into Restricted Mode at all as long as you’ve got a Lightning USB accessory to plug in. Even some of Apple’s own accessories will do the trick.

A GrayKey box for unlocking Apple mobile devices.
A GrayKey box for unlocking Apple mobile devices.

According to ElcomSoft’s Oleg Afonin, connecting certain Lightning accessories will reset the one-hour countdown, allowing law enforcement to prevent the device from being locked down indefinitely. The $9 Lightning-to-audio-jack adapter doesn’t work, but Apple’s Lightning-to-USB-3.0 adapter does. The adapter doesn’t even need to be “trusted” or previously paired with the phone to reset the timer. This means law enforcement could even design a custom USB accessory that continuously resets the counter to keep a phone vulnerable.

If the countdown expires, USB Restricted Mode is still a good defense against hacks. The researchers suspect this is a bug in iOS, so Apple could fix it with another update. This security feature will still compromise the usefulness of the GrayKey and similar devices. It’s common for phones seized by police to be off or sitting unused for more than an hour.

Continue reading

21 States Sue to Stop Net Neutrality Rollback

Twenty-one states and the District of Columbia have requested a review of the FCC's decision to dismantle net neutrality. Meanwhile, 50 Senators have agreed to vote against the FCC's decision — but House support and a potential Trump veto loom large.

Windows 10 Build 17093: Multi-GPU controls, Fewer Passwords, HDR Calibration

Microsoft's new Windows 10 Build 17093 shows the company still stuffing features into the upcoming Spring Creators Update. There's some good stuff here.

Black Role Models in Tech: A Personal Perspective

As part of celebrating Black History Month, we are sharing the perspectives of Tobi Amos, a young African-American engineer about some of the black role models who helped inspire her.

Google Rolls Out Google Pay Branding to Replace Android Pay

Google's mobile payment platform has gone through almost as many revamps as its messaging apps, but maybe today will be the last one for a long time.