Apple Rolls Out Password Cracking Defense, With One Major Flaw

Apple Rolls Out Password Cracking Defense, With One Major Flaw

Apple has rolled out a new version of iOS that seeks to block the passcode cracking tools favored by law enforcement and governments. After looking at the problem, Apple opted for what seemed like a foolproof solution: USB Restricted Mode. This feature blocks all USB access to a locked phone. But security researchers note that it’s trivially easy to block that lockout with Apple’s own accessories.

This change to iOS was spurred by the prevalence of devices like the GrayKey from a company called Grayshift. This unassuming little box can inject code into a locked iPhone that churns for a few hours or days before displaying the device’s passcode. Police around the world have happily dropped serious cash for GrayKey boxes. The company charges $15,000 for GrayKey boxes with a limit of 300 unlocks, and $30,000 for one with unlimited unlocks.

USB Restricted Mode on iPhones now shuts off all USB access after a phone has been locked for about an hour. If the attacker can’t inject code into the phone, it doesn’t matter what exploits exist. This seems like a perfect solution, but security researchers from ElcomSoft have pointed out a significant shortcoming.

After testing the latest build of iOS (11.4.1), researchers report that USB Restricted Mode does indeed persist across reboots and software restores. However, it is possible to prevent the phone from going into Restricted Mode at all as long as you’ve got a Lightning USB accessory to plug in. Even some of Apple’s own accessories will do the trick.

A GrayKey box for unlocking Apple mobile devices.
A GrayKey box for unlocking Apple mobile devices.

According to ElcomSoft’s Oleg Afonin, connecting certain Lightning accessories will reset the one-hour countdown, allowing law enforcement to prevent the device from being locked down indefinitely. The $9 Lightning-to-audio-jack adapter doesn’t work, but Apple’s Lightning-to-USB-3.0 adapter does. The adapter doesn’t even need to be “trusted” or previously paired with the phone to reset the timer. This means law enforcement could even design a custom USB accessory that continuously resets the counter to keep a phone vulnerable.

If the countdown expires, USB Restricted Mode is still a good defense against hacks. The researchers suspect this is a bug in iOS, so Apple could fix it with another update. This security feature will still compromise the usefulness of the GrayKey and similar devices. It’s common for phones seized by police to be off or sitting unused for more than an hour.

Continue reading

Google Pixel Slate Owners Report Failing Flash Storage
Google Pixel Slate Owners Report Failing Flash Storage

Google's product support forums are flooded with angry Pixel Slate owners who say their devices are running into frequent, crippling storage errors.

Western Digital Changes Its Reported Drive Speeds to Reflect Reality
Western Digital Changes Its Reported Drive Speeds to Reflect Reality

Western Digital has launched new WD Red Plus models to correct previous communicated inaccuracies regarding the spindle speeds on its 8TB-14TB products in this family.

No Flying Cars Yet, But How About a $300 Toaster With a Touch Screen?
No Flying Cars Yet, But How About a $300 Toaster With a Touch Screen?

As 2020 draws to a close, there's still no word on flying cars, but don't worry: We found something even better. For a certain definition of the word "better."

Ripples Reveal Ancient Global Megafloods on Mars
Ripples Reveal Ancient Global Megafloods on Mars

New findings from the Curiosity rover point to megafloods in the planet's past. NASA couldn't see the evidence of this event from space, but Curiosity was able to make the determination by scanning Martian geology from the surface.