Earlier in the month, we reported that Apple may be planning to push back against the "affordable" GrayKey iPhone unlocking boxes being sold by a former Apple employee to government authorities. While this was only hinted through iOS 11.3 and iOS 12 betas that came with a USB Restricted Mode, Apple has now confirmed this move.
The upcoming USB Restricted Mode effectively allows iOS users to limit access to a locked iPhone through its USB / Lightning port. With USB Restricted Mode enabled, users can have their iPhone’s Lightning port locked one hour after they lock their phones. If enabled - which it will be by default (yayy!) - this port can only be used for charging after that one hour period and nothing else.
Since iPhone hacks and unlocks usually work through this port, Apple's decision to restrict its use will severely impact all such devices being sold by the likes of GrayShift and Cellebrite to the government authorities worldwide.
Apple confirms it's going to restrict the Lightning port use on iPhone, potentially rendering GrayKey like products useless
Having a device in the market that offers criminals - and law enforcement - the ability to get into any iPhone, no matter what the iOS version, for as low as $100 turned into a nightmare for Apple. This GrayKey iPhone unlocking box was also speculated to have been secretly supported by Apple itself to avoid FBI and DOD stalking it and threatening it with regulations that could spell the end for end to end encryption.
Apple "could" have supported it if GrayKey had remained a government secret. However, as everyone in the industry knows no matter how secret, it eventually makes its way to the criminals and the public. While it's more of a conspiracy theory that Apple was involved in the process, GrayKey turned into a major disaster for the company that sells its products on the basis of security.
In a statement today, Apple has confirmed that it is indeed going to roll out the USB Restricted Mode, undercutting the easiest way law enforcement or criminals break into iPhones or iPads. However, the company said it isn't doing so to frustrate FBI. [It didn't really mention FBI, but we all know no one hates Apple more than the FBI...]
“We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data,” Apple said in a statement.
“We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.”
Apple said this change will protect its customers in countries where law enforcement doesn't follow legal restrictions employed in the US, adding that criminals and other often used the same techniques. In the past, it was discovered that Cellebrite sold its products to some of the most repressive governments of the world.
With the new iOS update, iPhone hackers will have an hour to get an iPhone plugged into the cracking device. Researchers suggest that this could cut access by 90 percent, TechCrunch reported. Criminals and FBI-like agencies might, however, get even more of these products to make them available locally to unlock the seized iPhones before that 1-hour expiry time.