Apple's new USB Restricted Mode, which dropped with the iOS 11.4.1 release yesterday, may not be as secure as previously thought. The feature is designed to protect iPhones against USB devices used by law enforcement to crack your passcode, and works by disabling USB access after the phone has been locked for an hour. Computer security company ElcomSoft, however, has found a loophole.
Researchers with the firm found that the one hour counter will be reset if you plug in a USB accessory within that window, and it doesn't matter whether that accessory has ever been used with the phone in the past, either. Tests showed the bypass even works with Apple's own Lightning to USB 3 camera adapter (which costs $39 in Apple's online store). ElcomSoft is now in the process of performing more tests on other adaptors, although it notes the cheaper $9 Lightning to 3.5mm adaptor doesn't work in the same way.
According to the company's Oleg Afonin, "once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour." He then questions the chances of a device being seized within an hour after its last unlock. "Quite high. We were not able to find any recent stats, but even two years ago an average user unlocked their iPhone at least 80 times a day."
However, ElcomSoft says the ability to postpone Restricted Mode by connecting an iPhone to an untrusted USB accessory is "probably nothing more than an oversight." Given that Apple introduced the Restricted Mode feature in the first place to ward off law enforcement access it seems unlikely that they'd purposefully include such a basic loophole. It's not yet clear what action -- if any -- Apple will take on this, but it won't be too difficult to rectify in subsequent versions of iOS.