Upcoming iOS Access Restrictions Could Stymie Law Enforcement

Apple plans to equip iOS 12 with USB Restricted Mode, a feature that requires users to unlock their iPhone with their passcode before USB accessories can connect if the phone last was unlocked more than an hour earlier.

The company included this feature in the developer versions of iOS 11.4.1 and iOS 12.

Apple will release USB Restricted Mode publicly in a future software update, it confirmed to Reuters this week.

USB Restricted Mode should work on iPads the same way as on iPhones because it’s a software feature, ElcomSoft CEO Vladimir Katalov told TechNewsWorld.

“For the average user, this will probably be inconsequential,” said Randy Abrams, senior security analyst at Webroot.

“For someone such as a government contractor, someone with expensive proprietary information, or any high-value target, it can make a difference,” he told TechNewsWorld. “Enterprises are subject to espionage and the theft of proprietary information.”

Shortening the Long Arm of the Law

Once USB Restricted Mode is invoked, iOS stops sending data over the USB port, noted researcher Oleg Afonin in a post published earlier this month.

The second beta of iOS 11.4.1, released earlier this week, extends the SOS mode so that it blocks all USB communications, Touch ID and Face ID, until the user unlocks the iPhone with a passcode.

There’s a widespread belief that USB Restricted Mode targets law enforcement agencies, which use passcode cracking tools — such as those from Cellebrite and GrayShift — to get around iPhone security.

Police departments around the country reportedly have been purchasing those solutions.

The United States Drug Enforcement Agency earlier this year issued a solicitation for GrayShift’s GrayKey. The DEA had subscribed to Cellebrite’s solution in 2016. USB Restricted Mode will render these technologies useless.

U.S. law enforcement agencies have demanded a backdoor in high-tech products, and the FBI has been trying to crack Apple’s security for years.

Their side took a hit last month, when The Washington Post reported that the FBI repeatedly had overstated the dangers of encryption, both to the public and to Congress.

“It’s tempting to believe that this is part of a tit-for-tat with U.S. law enforcement agencies reportedly buying unlocking technologies in recent months,” said Eric Smith, director of connected computing at Strategy Analytics.

“However, I believe Apple has been working on these ‘bugs’ as a practical matter to secure its devices primarily as a consumer issue, especially since it has positioned itself as the antithesis of Google — and now Facebook — when it comes to how personal data is used, monetized and where that data is stored,” he told TechNewsWorld.

“I don’t think [USB Restricted Mode] is aimed at law enforcement agencies, however severe the impact to those entities may be,” Webroot’s Abrams said, likening the feature to PGP.

Loss of Perspective?

USB Restricted Mode “supports our right to privacy,” observed Rob Enderle, principal analyst at the Enderle Group.

“For some screwy reason, the U.S. principle for cellphones and technology in general is that if it could help convict a criminal it’s OK to put the billions using the technology at risk,” he told TechNewsWorld.

“I think U.S. law enforcement has lost perspective here badly,” Enderle said, “largely because the senior folks fundamentally don’t understand the related risks.”

Richard Adhikari has been an ECT News Network reporter since 2008. His areas of focus include cybersecurity, mobile technologies, CRM, databases, software development, mainframe and mid-range computing, and application development. He has written and edited for numerous publications, including Information Week and Computerworld. He is the author of two books on client/server technology.
Email Richard.

You Might Also Like