USB Restricted Mode FUD and how to avoid it

iPhone 7
iPhone 7

July 18, 2018: iOS 12 beta 4 closes USB Restricted Mode one-hour window

Security is perpetually at war with convenience. In the last version of iOS, Apple kept USB Restricted Mode from activating for one hour after an iPhone or iPad was last unlocked. As of iOS 12 beta 4, that one hour window is gone, and a passcode is required any time an iPhone is locked and a USB accessory is plugged in.

This is my personal preference, as mentioned in the original article below, but it may cause some complaints about passcode fatigure for people who care more about ease of use than data protection.

We'll also have to wait and see what behavior the final version of iOS 12.0 ships with this fall.

There's some FUD — Fear Uncertainty and Doubt — going around about the new USB Restricted Mode Apple shipped as part of iOS 11.4.1 and the iOS 12 beta. USB Restricted Mode is a new security system that's meant to prevent third parties from trying to connect your iPhone and iPad over USB and extract your data.

Here's how Apple says it works:

If you don't first unlock your password-protected iOS device—or you haven't unlocked and connected it to a USB accessory within the past hour—your iOS device won't communicate with the accessory or computer, and in some cases, it might not charge. You might also see an alert asking you to unlock your device to use accessories.If the USB accessory is still not recognized after you unlock your device, disconnect your device from the accessory, unlock your device, and then reconnect the accessory.Your iPhone, iPad, or iPod touch charges as usual when it's connected to a USB power adapter.

There are some exceptions and overrides, of course:

You can allow your iOS device to always access USB accessories, for example, if you use a USB assistive device to enter your passcode on your locked iPhone. Many assistive devices will automatically turn on the setting to allow USB devices the first time they're connected.If you don't connect to USB accessories regularly, you might need to turn on this setting manually.

That's because security perpetually has to be balanced against convenience.

Which brings us to the FUD:

What we discovered is that iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before (well, in fact the accessories do not require pairing at all). In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.

First, there's no such thing as "untrusted USB accessories". There are "untrusted devices", namely devices like computers capable of pairing with and extracting data from an iOS device, but not "untrusted USB accessory". By itself, that statement sets off all kinds of alarms.

Second, Apple itself outlined why some devices, like accessibility devices, can override the lockout. That's because the daily usage of those devices requires an element of convenience that Apple believes supersedes the need for security.

So why are we able to fool USB Restricted Mode as easy? Is this an oversight that somehow slipped through the testing of all the five iOS 11.4.1 betas? Will Apple patch it in iOS 11.4.2 or iOS 12?

Here's the process for how that article should have been developed, if it cared more about getting to the facts and less about stealing attention through sensationalism:

  1. Discover behavior.
  2. Disclose it to Apple.
  3. If it's a bug, work with Apple to get it patched prior to disclosure.
  4. If it's not a bug, disclose the behavior along with cogent arguments about why you agree or disagree with the choice of behaviors.

In this case, it's not an oversight. It's a choice to balance convenience and security. Personally, I'd prefer Apple biased a little more towards security in this case, but I also understand I'm not everyone and it's tough to juggle things like accessibility devices and persistent accessories.

Increasingly, it's not the bits that are the exploit or the malware, it's the coverage of the bits. That's terrible for everyone from media to customers.

Rene Ritchie
Contributor

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

7 Comments
  • Where is the FUD here? Everything they explained, as you confirmed, is accurate. They just didn't understand the behavior they describe is intended. But the implications are the same, no? All one needs to do is connect our devices to a USB accessory prior to the lock to reset the timer, no?
  • Not understanding something correctly often leads to people writing articles because they think they understood it correctly, basically spreading lies, aka FUD. I don't know how many articles there are spreading FUD about the USB restricted mode, but you can't blame Rene for being pre-emptive
  • That comment is spam and should be deleted.
  • Hey Rene, one thing I am not seeing main apple media outlets talk about here is the fact that this also gives connection to iTunes a 1 hour limitation, so, where previously one could gain access to an iOS device if a computer it was synced to was available, once USB Restricted Mode is enabled, the connection is completely turned off, iTunes didn't do anything when I connected my iPhone that had not been unlocked for over an hour, just a new vibration and message on the iPhone itself to unlock it to use it with accessories, (I don't think it was even charging, regardless of what the following says)... (from https://blog.elcomsoft.com/2018/06/ios-11-4-1-beta-usb-restricted-mode-h...): "How do we know this is the “proper” USB Restricted Mode this time? Because, unlike before, there is zero data communicated over the USB port once this feature kicks in. iTunes does not see the device at all; no “unlock this device to access” and no pairing request. The iPhone just charges off the computer’s USB port, transmitting no information. We have not been able to access even the basic information about the device using the Elcomsoft iOS Forensic Toolkit I(nfo) command, the very same command that returns identification information about an iOS device even if it has never been paired with the computer. The End of Forensic Use of Lockdown Records?
    The police were frequently using lockdown records extracted from suspects’ computers to access the content of locked devices and produce iTunes-styles backups; all that without knowing the passcode or unlocking the phone with Touch ID/Face ID. The toned-down version of USB Restricted Mode that was included in previous versions of iOS already put a limit of only 24 hours, after which the iPhone would have to be unlocked (24-48 hours: with Touch ID/Face ID or passcode; after 48 hours: passcode only) in order to make use of the existing lockdown record. The new USB Restricted Mode puts significantly more severe limitations in place. Not only will the experts have an extremely small window of opportunity of just one hours, but they may lose the ability to do just about anything with the device once it shuts down the USB port – including the ability to run a password cracking tool." Charging with a brick works still...I just confirmed this...I hooked it up to my computer and it did nothing, (correction, a did a new vibration to get my attention), message on iPhone said to unlock it to use accessories, I did not unlock it, I plugged it into my Apple charging brick, (one that came with an iPad), and it charges without unlocking it, I then connected to computer again and it still asked me to unlock it. —Thank you Apple!
  • It's better than nothing, BUT this should be AN OPTION. Apple doesn't like those, look at #SlowGate. If I don't want it to be timed out by "untrusted USB" it shouldn't be. I'm fortunate enough not to need accessibility devices, so I shouldn't have to lack security for something they need. "Second, Apple itself outlined why some devices, like accessibility devices, can override the lockout. That's because the daily usage of those devices requires an element of convenience that Apple believes supersedes the need for security." Key point ***APPLE BELIEVES***, if I don't, I should be able to change it. It's not a huge rewrite to add "only reset the timer if this switch is off". So, what can happen here, is Celebrite tells the cops to keep plugging the phone in every 59 minutes, then plug it in to their "untrusted device" and they're still business as usual. I'd prefer a manual time code. For me, I want it locked 100% if I don't unlock. Allow charging, but that's it. I'll unlock when I dock for Carplay. Apple seems to be "choice-phobic" and doesn't like those who "Think Different" anymore.
  • Did you miss the part where you can toggle this option off? Go to Lock screen settings, and toggle it. Then your whole comment is void
  • Let's just get to the meat of the problem. Change your passcode to 7 digits or more or make it a passphrase and these security boxes will not be able to open your phone for years.