Thursday, July 12, 2018

iOS 11.4.1 designed to foil GrayKey and other cracking tools

iPhone (Image courtesy of Apple Corporation)Since my announcement early yesterday that iOS 11.4.1 was released, I've been getting a steady stream of questions about what's in the release, if iPhone and iPad users should update their devices to it and how to use it's most important new security feature for travelers, “USB Restricted Mode.”

Apple mobile devices have been a premium choice for many photographers and those desiring Apple's iDevice leading edge security.

iOS 11.4.1, like prior iOS releases is compatible with the iPhone 5S or later, iPad mini's or later, the the 6th generation iPod touch or later. 

There is some downside with this update. If you've jailbroken your iDevice, iOS 11.4.1 will break the jailbreak. You'll need to jailbreak your device again when software to accomplish that is available. If the jailbroken features are important to you, don't update at this time.

Some users who previously reported performance and battery drain issues with their iDevices under iOS 11.4 report that these problems haven't been addressed, but more users are reporting they are seeing some improvements in both. In their description of iOS 11.4.1 (found below) Apple doesn't mention addressing performance or battery issues.
“iOS 11.4.1 includes bug fixes and improves the security of your iPhone or iPad. This update:
• Fixes an issue that prevented some users from viewing the last known location of their AirPods in Find My iPhone
• Improves reliability of syncing mail, contacts and notes with Exchange accounts”
There are only isolated stability problems reported with iOS 11.4.1 to date, which means after approximately two months of testing, the update looks very good. The problems being reported are in the area of CarPlay syncing, social media login issues and Spotify glitches. I noticed a few reports of heat build-up complaints, so that looks good too.

It is very early, as iOS 11.4.1 has only been available for a few days, but on some iOS 11.X updates, within 72 hours there were a host of reported problems. We're not seeing that, at this point.

In addition, yesterday Apple released the specific security updates issued in the iOS 11.4.1 update. There are fifteen issues addressed by the update including: CFNetwork, Emoji, Kernal, libxpc (2), LinkPresentation, WebKit (7), WebKit Page Loading and Wi-Fi issues.

For travelers, especially at the U.S. border, where Customs and Border Protection (CBP) agents can confiscate electronic devices to scan them, the big deal in this update is the “USB Restricted Mode.” This is an unexpected bonus for iOS 11. It was supposed to debut in iOS 12.

After you update your iDevice to 11.4.1, you'll find a toggle switch in settings, in the Touch ID & Passcode section, except for the iPhone X, in which it's located in the Face ID & Passcode section, called “USB Accessories.” It's off by default.

It's caption explains:
“Unlock iPhone [iPad] to allow USB accessories to connect when it has been more than an hour since your iPhone [iPad] was unlocked.”
The iDevice will do exactly what that says. One hour after your iDevice hasn't been unlocked, USB accessories plugged into your iDevice won't work, so devices such as GrayKey can't hack in.

This is where users seem to be confused. When “USB Accessories” is turned on, the toggle switch will be turned off with the switch colored gray. If you aren't concerned about about someone breaking into your iPhone/iPad then you can turn the switch on (green) which turns the “USB Restrictive Mode” off.

Got it yet?
Off means it's on! On means it's off.
Elcomsoft has done some extensive testing of “USB Restrictive Mode” and found it works well. Oleg Afonin of Elcomsoft wrote that their tests,
“… confirm that USB Restricted Mode is maintained through reboots, and persists software restores via Recovery mode. In other words, we have found no obvious way to break USB Restricted Mode once it is already engaged…”
There is one way CBP as well as law enforcement can still use device hacker hardware. If the “USB Restrictive Mode” hasn't engaged, simply plugging a USB accessory into the iDevice will reset the “USB Restrictive Mode” clock and give them time to break into your iDevice. The connection need not be a “trusted” accessory or computer.

You can manually turn on “USB Restrictive Mode” via SOS mode. If you put your device into SOS mode, then the iDevice will behave as though you haven't unlocked it for an hour.

“USB Restrictive Mode” is a welcome addition to the iDevice security arsenal for travelers and everyone else. Many, if not most cellphone users have considerable private information on their cellphones and for iDevice users, “USB Restrictive Mode” will help keep user information private.

This shouldn't be the end of Apple's work on this iOS feature. The ability to use an untrusted accessory to keep the iDevice from locking should be eliminated. Moreover, there should be an easy way to manually turn on “USB Restrictive mode,” not just turning on SOS mode. Hopefully, Apple already understands this, but in the meantime, like others, I've sent in a feature request.

1 comment:

Ted-LA said...

Thanks for the heads-up. I've put it on and haven't had any problems, but I've tested the USB feature and it works. After about an hour my port is dead until I log in. It did take a charge however. It just wouldn't sync.

Post a Comment