July 18, 2018: iOS 12 beta 4 closes USB Restricted Mode one-hour window
Security is perpetually at war with convenience. In the last version of iOS, Apple kept USB Restricted Mode from activating for one hour after an iPhone or iPad was last unlocked. As of iOS 12 beta 4, that one hour window is gone, and a passcode is required any time an iPhone is locked and a USB accessory is plugged in.
This is my personal preference, as mentioned in the original article below, but it may cause some complaints about passcode fatigure for people who care more about ease of use than data protection.
We'll also have to wait and see what behavior the final version of iOS 12.0 ships with this fall.
There's some FUD — Fear Uncertainty and Doubt — going around about the new USB Restricted Mode Apple shipped as part of iOS 11.4.1 and the iOS 12 beta. USB Restricted Mode is a new security system that's meant to prevent third parties from trying to connect your iPhone and iPad over USB and extract your data.
Here's how Apple says it works:
If you don't first unlock your password-protected iOS device—or you haven't unlocked and connected it to a USB accessory within the past hour—your iOS device won't communicate with the accessory or computer, and in some cases, it might not charge. You might also see an alert asking you to unlock your device to use accessories.
If the USB accessory is still not recognized after you unlock your device, disconnect your device from the accessory, unlock your device, and then reconnect the accessory.
Your iPhone, iPad, or iPod touch charges as usual when it's connected to a USB power adapter.
There are some exceptions and overrides, of course:
You can allow your iOS device to always access USB accessories, for example, if you use a USB assistive device to enter your passcode on your locked iPhone. Many assistive devices will automatically turn on the setting to allow USB devices the first time they're connected.
If you don't connect to USB accessories regularly, you might need to turn on this setting manually.
That's because security perpetually has to be balanced against convenience.
Which brings us to the FUD:
What we discovered is that iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before (well, in fact the accessories do not require pairing at all). In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.
First, there's no such thing as "untrusted USB accessories". There are "untrusted devices", namely devices like computers capable of pairing with and extracting data from an iOS device, but not "untrusted USB accessory". By itself, that statement sets off all kinds of alarms.
Second, Apple itself outlined why some devices, like accessibility devices, can override the lockout. That's because the daily usage of those devices requires an element of convenience that Apple believes supersedes the need for security.
So why are we able to fool USB Restricted Mode as easy? Is this an oversight that somehow slipped through the testing of all the five iOS 11.4.1 betas? Will Apple patch it in iOS 11.4.2 or iOS 12?
Here's the process for how that article should have been developed, if it cared more about getting to the facts and less about stealing attention through sensationalism:
- Discover behavior.
- Disclose it to Apple.
- If it's a bug, work with Apple to get it patched prior to disclosure.
- If it's not a bug, disclose the behavior along with cogent arguments about why you agree or disagree with the choice of behaviors.
In this case, it's not an oversight. It's a choice to balance convenience and security. Personally, I'd prefer Apple biased a little more towards security in this case, but I also understand I'm not everyone and it's tough to juggle things like accessibility devices and persistent accessories.
Increasingly, it's not the bits that are the exploit or the malware, it's the coverage of the bits. That's terrible for everyone from media to customers.