Law enforcement agencies have found a workaround to Apple’s iOS 12 security features
A very important feature in Apple’s upcoming iOS 12 update is USB Restricted Mode. A normal user will not be particularly affected by this, but if you are in any way concerned about your privacy, this feature could be critical.
If you remember the FBI-Apple standoff in 2016, the FBI had demanded that Apple deliberately compromise its operating system by inserting a backdoor that the FBI could access. Apple fought the FBI in court, but before a decision could be reached, the FBI backed off claiming that they had found someone who could break into iPhones for them, for a price, of course.
While it is easy to appreciate the FBI’s perspective, as Apple repeatedly pointed out, the potential for misuse is far greater than any potential benefit to law enforcement.
“Compromising the security of our personal information can ultimately put our personal safety at risk,” said Tim Cook in a public letter to customers.
Apple has since put in quite the effort to increase the security of its operating systems. From making 6-digit passwords the default to religiously patching every single loophole that was found, Apple was always working to keep snoopers out.
Two companies have so far helped the FBI and other law enforcement agencies gain access to iPhones have been Cellebrite and Grayshift. Of these, Grayshift is the more recent entrant and one that seems to have helped take iPhone cracking mainstream for law enforcement. Founded by a former Apple engineer, Grayshift sells a $15,000 box — called GrayKey — that can be used to crack iPhones.
Motherboard has a detailed explanation on what is known of GrayKey’s working. Suffice it to say that the device brute-forces its way through two iPhones at a time once they’re connected to the box via Lightning cables. Brute-forcing is a technique where passwords are tried one after another till the device unlocks.
In order to counter hacks like the ones used by GrayKey, Apple introduced USB Restricted Mode. iOS 12 will essentially disable the USB port of an iOS 12 device if the device hasn’t been unlocked for an hour. The device can still be charged from the port, but it will be unusable for anything else.
Law enforcement officials are understandably unhappy with Apple’s decision. But, Motherboard reports that they have learned that Greyshift has already found a way around Apple’s restrictions in the iOS 12 Beta and are unconcerned with USB Restricted Mode.
The battle to protect user privacy is a never-ending one, and one that may never be definitively won. But hey, as long someone is fighting, hope is never lost.