Posted on June 15, 2018 at 4:10 PM
According to Apple’s new announcement, the new software update for iOS will finally remove the USB access feature. This will be done in order to protect the safety of users’ information, and prevent the law enforcement, as well as hackers, from gaining access to the locked phone’s data.
Apple removes the iPhone vulnerability
Apple’s newest improvement to iPhone includes the new security measure which will disable the Lightning port of the iPhone. The Lightning port has been serving as both, the data port, as well as the charging port, and from now on, it will be disabled an hour after the phone was last unlocked.
Apple’s spokesperson has stated that the customer is at the center of everything that the company designs, which is why they are working non-stop to improve the devices’ security. Protecting the users from hacking, intrusions, and identity theft has become one of the most important tasks, hence the new improvement.
By implementing this as the new default option, users will still be able to use the Lightning port for charging their devices. However, data transfers will stop until the valid passcode was entered. Apple came to this idea due to the creation of various devices that were developed by federal law enforcement agencies. These devices were specially designed to break into the iPhone, which is something that the company decided to prevent at all costs.
Most of these devices, like GrayKey box, work by installing a software that is capable of cracking the device’s passcode. Various agencies are known to be in possession of this device, FBI included. Another type of devices that this move is expected to prevent include Cellebrite’s UFED devices. These were made to be forensic tools for devices such as iPad and iPhone, which presumes that they are capable of unlocking them.
Apple sees this method of gaining access as an indication that the device is vulnerable, and has decided to fix the vulnerability. Originally, they introduced a feature by the name of USB Restricted Mode, which disabled access to the Lightning connector after a week.
However, the company soon discovered that this mode has vulnerabilities, especially in the way that the system handles the USB devices. The code was reviewed and improved, and the company even added additional mitigation to remove USB as a method of attack. That way, the customers can remove it when it is not needed, without the negative impact on the user experience.
Apple and the law enforcement agencies
There has been quite a history between Apple and federal law enforcement agencies over the years, especially when it comes to unlocking the company’s devices. The biggest conflict between the two came in 2016 after the FBI demanded that Apple unlocks the iPhone of a person who killed 14 people in the previous year, known as the San Bernardino gunman.
Apple refused to create a version of iOS that would allow the access since it would create a backdoor that would put other customers at risk. Despite the fact that the government might promise to limit the use of such a system to this particular case, there is no guarantee that they would actually respect that promise.
The newest security measure is still focused towards protecting the device from bad actors and hackers, much more than protecting them from the FBI. The company has stated that they have the greatest respect for the law enforcement and that their security improvements were not directed towards frustrating the federal agents. However, the move will still do just that, and the relationship between the company and the law enforcement can only suffer even more.
Awake Security’s researcher, Troy Kent, stated that this move obviously shows that Apple respects their users’ privacy and that the move is good for both individuals, as well as for organizations. It will probably damage the relationship between Apple and the law enforcement even further, but there will always be other exploits that can be used, and it is only a matter of time before they are uncovered,
One thing is certain, and that is that the law enforcement within the United States will definitely be impacted by this move. Still, the company has done this to protect their customers, and while this is expected to work without problems in other countries, it will still make a problem for the law enforcement in the US.