Here's How Apple's Stopping Police from Breaking into iPhones

Jun 13, 2018 11:00 PM
Jul 9, 2018 07:44 PM
636645023879657259.jpg

Since the San Bernardino shooting in 2014, Apple's been engaged in a game of cat and mouse with law enforcement. Authorities want access to evidence on criminals' iPhones, but Apple wants to protect all of its customers' personal data equally. The latest installment in this saga has Apple outright disabling the Lightning port.

Cellebrite & GrayKey

In February 2018, Israeli company Cellebrite told its customers it had a tool that could unlock any iPhone in existence. Per CNN, Cellebrite is the "FBI's go-to phone hacker," so this new tool had serious implications — US law enforcement agencies could now bypass Apple's latest security measures to break into any iPhone.

A couple of months later, Grayshift, a company run by long-time US intelligence agency contractors, started advertising a new tool called GrayKey that could also unlock any iPhone. Law enforcement agencies could nab a GrayKey for the relatively low price of $15,000.

Bypassing iOS' Lockout System

Both of these tools exploit an unknown weakness in the iPhone's lock screen. Normally, when someone enters the wrong PIN or password on an iPhone, a counter is started. After six incorrect attempts, the phone prevents you from even attempting to enter a passcode for one minute. Seven failed attempts locks you out for five minutes, eight locks you out for 15 more, and nine locks you out for an hour. After the tenth failed attempt, the phone will either require you to restore with iTunes or completely wipe itself to protect your data, depending on your preference.

This lockout system protects your phone against brute-force password hacking attacks. For instance, if you use a 4-digit PIN, there are only 10,000 different possible combinations. If someone started with 0000 and went all the way to 9999, they'd eventually find your PIN and unlock your phone. But iOS' lockout system ensures they only get 10 tries — normally.

636644997414657383.jpg

1-minute lockout after six failed login attempts.

636644997579032163.jpg

5-minute lockout after seven attempts.

636644997414657383.jpg

1-minute lockout after six failed login attempts.

636644997579032163.jpg

5-minute lockout after seven attempts.

Somehow, Cellebrite and GrayKey are able to bypass this lockout system. These devices connect to the iPhone's Lightning port and run brute-force passcode cracking algorithms without starting the counter. This gives law enforcement as many chances as they need to unlock an iPhone, and Apple has been unable to identify the loophole they're using to bypass the counter.

Since Apple doesn't know exactly how these devices are getting past their lock screen, they can't patch their software to prevent them from unlocking an iPhone — at least in the traditional sense. Instead, starting with iOS 11.4, Apple is disabling the Lightning port in certain situations to completely lock out devices like GrayKey and Cellebrite. But this has some implications when it comes to charging your iPhone or using it with a computer.

USB Restricted Mode: Apple's Latest Solution

With iOS 11.4, your iPhone will completely disable its own Lightning port if your phone hasn't been unlocked in the last seven days. This means if it's been sitting in an evidence locker while police are arranging a subpoena, they won't be able to connect a Cellebrite or GrayKey to it.

Starting with iOS 11.4.1, and also included in iOS 12, which will be released to the public this fall, Apple's taking USB Restricted Mode a step further. Now, your iPhone will disable its Lightning port one hour after the last time you unlocked it. So if your phone's been sitting on your desk for 60 minutes, you won't be able to connect anything to it until you unlock it with your passcode, Touch ID, or Face ID again.

Now, if law enforcement agencies want to break into an iPhone with Cellebrite or GrayKey, they'll have to act fast. Even then, because of the nature of brute-force hacking, it's extremely unlikely that either of these tools will get past iOS 11.4.1 or 12's lock screen. Passcodes would take days or weeks to hack with one of these devices, but now the window is only an hour. However, this does change a few things with how your iPhone will work in the future.

How This Will Affect You

Although it makes your iPhone more secure, the new USB Restricted Mode feature has some downsides. Once the feature kicks in, your iPhone's Lightning port will ignore any data connections and only accept power. But this only applies if the cable you're using is only connected to a power source like a wall charger, so things get tricky when your phone's plugged into your computer.

After 60 minutes without unlocking, you'll get a "USB Accessories" notification when you plug your phone into a computer or any other device that uses a USB data connection. Any activity attempted through USB will be ignored — even if you've trusted the computer your phone is connected to. iTunes won't work, so you won't be able to view or play music from your computer, and more importantly, you won't be able to charge your iPhone with your computer.

To restore this functionality, you'll have to unlock your iPhone with Face ID, Touch ID, or your passcode. If you keep your iPhone plugged in while you unlock it, the timer won't start over again, so it will remain connected even after an hour passes without unlocking your phone. Once you disconnect, the timer starts again, so if you try to reconnect that device an hour later, you'll need to unlock your iPhone again.

To be clear, headphones and power-only accessories will continue to work even after USB Restricted Mode kicks in. And while this all may sound complicated, all you'll need to do is unlock your iPhone if you've noticed it's not working with your computer — though note that you can disable the feature if you must.

Cover image and screenshots by Dallas Thomas/Gadget Hacks

Comments

No Comments Exist

Be the first, drop a comment!