Elcomsoft Claims It Has A Way To Bypass USB Restricted Mode In iOS [UPDATED]

Less than 24 hours after iOS 11.4.1 appeared with a feature called USB Restricted mode, iPhone hacker Elcomsoft has claimed it can bypass it.

What we discovered is that iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before (well, in fact the accessories do not require pairing at all). In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.

The USB accessory that they used to pull this off was Apple’s own $39 Lightning to USB 3 Camera Adapter. My guess is that this is an oversight by Apple. But the cynic in me says that Apple might have released this feature in iOS 11.4.1 to allow it to see what sort of exploits were possible so that it can address them in the iOS 12 release. Either way, now that this info is public you can be that Apple is addressing this.

UPDATE: I’ve tried this exploit and it works as advertised. However…. To make this a workable exploit for law enforcement for example, they would have to act quickly (as in within the one hour window before USB Restricted Mode enables itself) and have the requisite hardware on hand. Such as the aforementioned Lightning to USB 3 Camera Adapter for example. Another thing to consider is that USB Restricted Mode can be manually enabled by triggering and then cancelling SOS mode on your iPhone. As a bonus it also forces the phone to require a passcode which disables Touch ID and Face ID. Thus the bottom line is that while this is an exploit that does work, someone would have to really work hard to exploit it.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: