Someone in Cupertino made a mistake.

July 9 in the evening Apple released iOS 11.4.1 for users around the world. In addition to small improvements and corrected bugs in the firmware added USB function Restricted Mode. She had to protect the device against password guessing attacks by using tools like GrayKey, limiting the transfer of data through the Lightning port an hour after the last use of the device. Alas, the security researchers have found a way to disable the feature on a compatible iPhone and iPad.

According to a blog post, a research firm ElcomSoft, law enforcement and attackers can circumvent the new protection mechanism. To do this, simply connect a USB accessory to the Lightning port to enable USB Restricted Mode. The timer on the iOS device will reset, then you can use the tools for hacking and password guessing. If the smartphone or tablet have joined the USB function Restricted Mode and cannot be disabled: it continues to work after a reboot even in recovery mode.

The researchers used tests for the official Apple adapter to connect the camera, but they say that in theory to bypass the security and fit third-party accessories. In the future, they promise to test several models available from AliExpress.

ElcomSoft representatives say that the ability to fool a defense mechanism — a mistake from Apple that fix in the next firmware versions. However now bypass the USB Mode is Restricted to devices running iOS and iOS 11.4.1 12.

Source: 9to5Mac


Please enter your comment!
Please enter your name here