iOS 12 makes iPhones immune to ‘brute force’ unlocking

By

GrayKey can bypass iPhone security
Unlocking tools that quickly enter thousands of passcodes though the Lightning port can be blocked out with iOS 12.
Photo: Ed Hardy/Cult of Mac

WWDC 2018 bug Cult of MacThe just-released beta of iOS 12 can be set to partially deactivate the Lightning port after an iPhone hasn’t been used for an hour. This is a clear attempt to make useless the unlocking tools employed by law enforcement.

Police across the country are purchasing a tool called GrayKey. When hooked to an iPhone’s Lightning  port, this swiftly enters thousands of passcodes until the correct one is reached. Deactivating the Lightning port would block its use.

Grayshift’s GrayKey isn’t alone. The Israeli company Cellebrite reportedly uses a similar method to unlock iPhones via the Lightning port.

Law enforcement agencies across the U.S. turn to both options to access data on locked cell phones involved in criminal investigations. Apple resists these efforts, believing that the privacy of its customers is paramount.

Preventing iPhone unlocking through the Lightning port

Early beta versions of iOS 11.3 had a feature called USB Restricted Mode that partially turned off the Lightning port after a week. This didn’t make it to the final version, however.

It’s now returned in the first iOS 12 beta with a new name. And it’s much, much stronger.

In the Touch ID & Passcodes settings page is a toggle for USB Accessories. Apple explains that, when turned on, this will “Unlock iPhone to allow USB accessories to connect when it has been more than an hour since your iPhone was locked.”

With this toggle off, the iPhone’s Lightning port won’t respond to accessories after an hour. Accessories like iPhone unlockers.

This setting still allows charging through the Lightning port, so turning it on should have no effect on day-to-day use of the device. But activating it will make every known ‘brute force’ iPhone unlockers useless.

Unless Grayshift and Cellebrite find a way around it, of course. That’s always possible.

It’s also possible the feature won’t survive until the public release of iOS 12. It’s been in iOS betas and then pulled out before.

Apple released the first beta of iOS 12 at its Worldwide Developer Conference this morning. It’s chock full of new features going well beyond this security tweak.