Apple releases iOS 11.4.1 and blocks passcode cracking tools used by police

Photo by James Bareham / The Verge

Apple today released iOS 11.4.1, and while most of us are already looking ahead to all the new stuff coming in iOS 12, this small update contains an important new security feature: USB Restricted Mode. Apple has added protections against the USB devices being used by law enforcement and private companies that connect over Lightning to crack an iPhone’s passcode and evade Apple’s usual encryption safeguards.

If you go to Settings and check under Face ID (or Touch ID) & Passcode, you’ll see a new toggle for USB Accessories. By default, the switch is off. This means that once your iPhone or iPad has been locked for over an hour straight, iOS will no longer allow USB accessories to connect to the device — shutting out cracking tools like GrayKey as a result. If you’ve got accessories that you want to continue working after your iPhone has been sitting locked for a while, you can toggle the option on to remove the hour limit.

Apple’s wording is a bit confusing. You should leave the toggle disabled if you want your iPhone to be most secure.

Apple’s decision to implement USB Restricted Mode is a boost to user privacy, but might again put the company at odds with law enforcement and authorities who want to access information stored on recovered or confiscated iPhones. “We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves, and intrusions into their personal data,” Apple said in a statement on the feature. “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.”

The company famously faced off with the FBI in 2016 over an iPhone connected to the San Bernardino terrorist shootings. Apple refused to build custom software that would have allowed the agency to bypass security measures designed to protect the encrypted data on all iOS products, fearing that such a “backdoor” would quickly fall into malicious hands and make millions of consumers vulnerable. The FBI dropped its case against Apple in March 2017 after revealing that it had managed to access information on the phone through other means. If that exploit was over USB, Apple has now effectively shut down that avenue of breaking into an iPhone.

Aside from the introduction of USB Restricted Mode, iOS 11.4.1 is largely a release of bug fixes for the Find My AirPods feature and syncing with Exchange accounts.



It feels good to own a secure phone.

How’d it feel yesterday?

There’s always another way in.

And Apple will keep sealing the wholes.

I hope they seal the whole hole

That’s what she said.

You’ve got to pay the troll toll, if you want to seal the whole hole.

It will also keep plugging the holes.

Demoed within hours of release.

How’s the notifications?

Same till iOS 12

Give it a rest. That has nothing to do with this article.

Too early to tell. And yup indeed I’ve seen this issue with my own eyes. It was frustrating to troubleshoot, and the key indicator is seeing the Usage and Standby time to be the same (should not be the same at all).

I found that there are two key culprits that cause battery drain: one which is unsurprisingly, Facebook. The last update to the Facebook app made it an absolute monster on battery drain (even when the app itself is swiped away from multitasking). Uninstalling the app entirely, and creating a Safari shortcut to Facebook mobile has worked wonders on my spouse’s device to stop the battery drain.

Another is YouTube (grrr.) I’ve seen many cases of when YouTube is somehow still playing Audio (or at least that’s what it shows under battery stats) and is thus consuming battery in the background unless it is swiped away.

I’ve done all the right things, which include disabling background refresh to everything with the exception of chat apps. We’ll see if this update improves things but I do feel that much of these battery drain issues are placed squarely at the foot of rogue apps and of course – iOS’ not taking more firm control of these runaway processes.

The Facebook app has always been garbage on battery life. If I was one of their iOS devs I’d tell my loved ones I worked at the donkey show, because they’re a byword for incompetence around these parts.

Just an FYI, you don’t need to keep background app refresh turned on for chat apps. In fact those are always the first to go off (I lied, I turn it off for everything) because the apps downloading background messages means the battery is draining unnecessarily.

Oh that’s weird, my iPad Air 2 has been draining itself in a day and a half and I was just thinking it was failing.


Apple ain’t no snitch.

I was under the impression that the company that assisted the FBI in obtaining the data from the iPhone had to remove the chips from the board to read their contents.

If these are regular FlashRAM chips, I don’t see how anyone could prevent this approach from working.

My understanding is, that was an iPhone 5C and the contents of the flash memory was protected by an encryption key derived from the four (or six?) digit PIN used to lock the phone. If you know the key derivation procedure then it’s not much effort to brute-force it once you are able to make attempts without fear of the phone self-wiping after some number of incorrect attempts.

iPhone 5S and up have a more complicated encryption mechanism that uses the secure enclave phone’s passcode as only one part of the encryption key. (I think part of the key is derived from random sources like the phone’s accelerometer.) It’s done properly so it is not possible to access the contents, if you have direct access to the flash memory (even if you know the phone’s passphrase).

It’s probably still possible to break into the contents of the phone but now it’s going to require extracting stuff from the phone’s secure enclave (designed to be difficult) and breaking the passphrase.

Yes and that’s just one of many ways to do it.

The more ideal method would be one which doesn’t involve disassembling the device. Apple just make it one step more difficult to do that.

But Grayshift has an ex-Apple engineer on staff. They’ll surely find another way in.

And this is a good thing…?
