Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
IOS Iphone Operating Systems Privacy Security Software Apple Technology

iOS 11.4 Disables Lightning Connector After 7 Days, Limiting Law Enforcement Access (macrumors.com) 268

hyperclocker shares a report from Mac Rumors: The iOS 11.4 update, currently being beta tested, includes a USB Restricted Mode that introduces a week-long expiration date on access to the Lightning port on your iOS devices if your phone hasn't been unlocked, which has implications for law enforcement tools like the GrayKey box. USB Restricted Mode was outlined this morning by Elcomsoft after testing confirmed that the feature has indeed been enabled. In Elcomsoft's experience, after an iPhone or iPad has been updated to iOS 11.4, if it hasn't been unlocked or connected to a paired computer in the last 7 days using a passcode, the Lightning port is useless for data access and limited to charging.

"At this point, it is still unclear whether the USB port is blocked if the device has not been unlocked with a passcode for 7 consecutive days; if the device has not been unlocked at all (password or biometrics); or if the device has not been unlocked or connected to a trusted USB device or computer," reports Elcomsoft. "In our test, we were able to confirm the USB lock after the device has been left idle for 7 days. During this period, we have not tried to unlock the device with Touch ID or connect it to a paired USB device. What we do know, however, is that after the 7 days the Lightning port is only good for charging."

This discussion has been archived. No new comments can be posted.

iOS 11.4 Disables Lightning Connector After 7 Days, Limiting Law Enforcement Access

Comments Filter:
  • As long as I can disable it...

    Just like I disabled TouchID and the passcode. I just want easy access.

    • Please hand over your nerd membership card. It has been invalidated by an nothing-to-hide post, Thanks.

    • by thaylin ( 555395 )

      why would you disable touch ID it is easy access with security still. I mean your thumb is right there anyways. I have learned to hit the touchid when I pick up the device now if I want to unlock it, it litterally costs me no extra time.

    • Given that the passcode itself is still optional, and that this feature requires that you use a passcode, you shouldn't see any change in how you use your device.

      For the rest of us, however, this simply brings the Lightning connector's functionality more in line with the rest of the system, though there's still room for improvement. iOS already forces you to re-enter your passcode on a weekly basis, as well as forcing you to do so if you ever go more than 24 hours without unlocking it. The fact that the Lig

      • But if you have an old iOS device plugged into a music dock, it's suddenly less convenient. I don't.

        • Among the people using a device like that, wouldn't you guess that most people access the phone at least once a week to change the track or source, or else play/pause the audio? If you're already doing that, you'll never see this security feature in action. And among those that don't even look at the screen once a week, how many of them bother keeping a passcode enabled in the first place?

          • You actually don't need to unlock the phone to skip tracks or unpause. For that matter, you could do it with the device controls. My most common music use-case is just a shuffle playlist of my entire library, so it's rare that I would need to do much besides play/pause or skip.

            Whether there's a passcode likely depends on any secondary uses the device has, especially when travelling.

    • by arth1 ( 260657 ) on Tuesday May 08, 2018 @04:20PM (#56576170) Homepage Journal

      As long as I can disable it...

      Just like I disabled TouchID and the passcode. I just want easy access.

      I want the opposite - I want to be able to configure those 7 days down to six hours. Or however long I want.
      So yes, this should be a user decision, not a hardcoded value pulled out of some Apple guy's derriere.

      • I fully agree: let everyone set their level of paranoia. :-)
        • by msauve ( 701917 )
          Unlike, it seems, most here, I won't try to tell you how to use your phone. That's entirely up to you.

          I use Android, and the deep security is the one and only feature which I really admire of an iPhone. Not that there's anything significant I want to hide, it's more a matter of principle. To make the counter-argument, if I have nothing to hide, they have nothing to look for, so why should I let them?

          In reality, I want the phone to lock more so that if my phone is misplaced or stolen, it's not useful to th
      • by eth1 ( 94901 )

        As long as I can disable it...

        Just like I disabled TouchID and the passcode. I just want easy access.

        I want the opposite - I want to be able to configure those 7 days down to six hours. Or however long I want.
        So yes, this should be a user decision, not a hardcoded value pulled out of some Apple guy's derriere.

        How about zero seconds... If I plug my Android phone into my PC, it won't connect via USB if it's locked, only charge. Doesn't matter if I was on it and hit the lock button two seconds earlier.

      • by ceoyoyo ( 59147 )

        I'm not sure why you can pull data through the lightning port without authenticating at all. I guess so you can play music, but surely there's a better way to implement that specific feature.

      • by khchung ( 462899 )

        As long as I can disable it...

        Just like I disabled TouchID and the passcode. I just want easy access.

        I want the opposite - I want to be able to configure those 7 days down to six hours. Or however long I want.
        So yes, this should be a user decision, not a hardcoded value pulled out of some Apple guy's derriere.

        Second this. I use wifi sync and almost never use the connector to sync. I want to be able to completely disable the connector for anything except charging.

      • Check out Apple Configurator 2:

        https://itunes.apple.com/us/ap... [apple.com]

        You can use it to create your own device profile, with considerably more stringent rules than the default options in the on-device menu. It's may not offer as much granularity as you prefer; but it's a good step up from the defaults. I think you can lower the number of failed login attempts down to 2. You can make complex passcodes mandatory and force aging and rotation. Theres a long laundry list of features you can disable. Hell, you coul

  • Good job Apple! (Score:3, Insightful)

    by Murdoch5 ( 1563847 ) on Tuesday May 08, 2018 @03:41PM (#56575838)
    The harder it is for law enforcement to access an electronic device, the better our privacy and personal security. Well it sucks for law enforcement to be restricted from accessing the phones of criminals, that's a sacrifice we MUST allow, for all of us to have basic privacy and security.
    • If it were simple for law enforcement to access the phones of criminals then they wouldn't use them for criminal purposes and only the privacy of average citizens would be compromised.

      • So, I'm definitely on the same side as you in this debate and think that the phones should not have any kind of "back door" or anything like that. But....

        You give criminals way too much credit. In general, they aren't thinking it that far through.

      • Re:Good job Apple! (Score:5, Insightful)

        by rogoshen1 ( 2922505 ) on Tuesday May 08, 2018 @04:04PM (#56576052)

        if it were simple for law enforcement to access the phones of citizens (criminals and innocents alike), they wouldn't just use those capabilities for investigations into criminal matters. It would be a gigantic fishing expedition. Bear in mind the FBI is enthusiastically pushing for back-doors in encryption; it's such a blatant tell as to what their and other LEO groups end game would be. I'm being somewhat sarcastic with this but:

        *red and blue lights in your rearview mirror*
        *police office saunters over, and you roll your window down*
        The officer speaks: "license, registration, and cell phone please"

        Basically to LEO's everyone is a potential suspect. They view due process, privacy rights, the 5th amendment etc as obstacles to doing their job; catching bad guys. But these obstacles are there specifically to keep police honest.

        Sure, removing these obstacles might net a few more criminals locked up, crimes solved etc -- but it comes at the cost of increasingly aggressive police behavior, and erosion of civil liberties.

        Once government on any level gets power, it never, ever voluntarily relinquishes it.

        • Basically to LEO's everyone is a potential suspect. They view due process, privacy rights, the 5th amendment etc as obstacles to doing their job; catching bad guys. But these obstacles are there specifically to keep police honest..

          I've worked with a number of LEOs, including senior people, and their view of due process, search limits, etc, were positive. They want to arrest bad guys but as one put it "those same protections protect me as a private citizen a well and I don't want them to be trampled in the search for a bad guy."

    • by arth1 ( 260657 )

      Well it sucks for law enforcement to be restricted from accessing the phones of criminals

      The police are not judges. They are suspects, not criminals. Many of which may be found not guilty, in which case they are innocents, not criminals.

  • First words out (Score:5, Insightful)

    by jwhyche ( 6192 ) on Tuesday May 08, 2018 @03:50PM (#56575922) Homepage

    I'm just going to put this here because I know where this topics going go.

    First words out of your mouth when talking to law enforcement are as follows, "I want my lawyer."

    Then you shut the fuck up till he gets there.

    • by mark-t ( 151149 )

      That depends if your time is worth the inconvenience of having to wait for the lawyer.

      If you are needing to be somewhere and the annoyance of having to comply for a few minutes is worth missing your appointment in addition to waiting for 2 or 3 hours for your lawyer to arrive, then sure...

      Personally, I'd rather just do what they say.... barring being placed under arrest, I don't think I'd be saying I want to speak with my lawyer unless they gave me a real indication that my life was about to get a whol

      • Re:First words out (Score:5, Informative)

        by jwhyche ( 6192 ) on Tuesday May 08, 2018 @05:58PM (#56576760) Homepage

        Depends on how much your time is worth to you. Under my original post I pictured that you are already chained to a desk in a gray room waiting for a detective to grace you with his time. If that is the case it is safe to assume your ass is under arrest and anything else you have to do is going to be of less importance.

        Always assume that if you are talking to a detective that you are the subject of a criminal investigation. If you are confronted by ether a detective or clothed officer on the street wanting to ask you questions, state that you do not want to be involved. Then seek to remove yourself from the encounter. Do not ever lie to law enforcement or flee from a scene. Just state you do not wish to discuss things with out your lawyer. Then asked "Am I free to go?"

        If you are asked to come down to the station by law enforcement for some later "questions." State that you have nothing to say, and that you would rather not go. If you are compelled, ether involuntary or voluntary, consult a lawyer and have him with you during the questioning.

        If you find yourself in a interrogation room and not chained to a desk first thing to do is determine if you are being detained. Once the detective enters the room, first thing you ask is "Am I under arrest?" If you are not under arrest then you ask "Am I free to leave?"

        If they say you are under arrest or that you are not free to leave, then ask for your lawyer and shut the fuck up. If they say you are free to leave, get up and walk out. Do not shake hands, do not say good bye. Leave. Important take everything with you that you came in with and do not take anything offered. No food or water, nothing.

        Always keep asking "am I under arrest" and "am I free to go" till you get an answer.

        • by mark-t ( 151149 )

          Depends on how much your time is worth to you. Under my original post I pictured that you are already chained to a desk in a gray room waiting for a detective to grace you with his time. If that is the case it is safe to assume your ass is under arrest and anything else you have to do is going to be of less importance.

          Yes, in that case, I would definitely be asking for my lawyer.... but in my admittedly few experiences with being questioned by police it has always been thankfully brief, lasting only 2 or 3

    • Works for the police... but what about entering the USA, especially as a non US citizen?
    • Re:First words out (Score:4, Informative)

      by DarkOx ( 621550 ) on Tuesday May 08, 2018 @04:23PM (#56576188) Journal

      First words out of your mouth when talking to law enforcement are as follows, "I want my lawyer."

      Then you shut the fuck up till he gets there.

      There is ONE exception; if you have just killed someone than its "I was afraid for my life" which keep repeating as if you have no understanding of what is going for 20min or so than switch to "I want my lawyer" and promptly shut up.

    • I'm just going to put this here because I know where this topics going go.

      First words out of your mouth when talking to law enforcement are as follows, "I want my lawyer."

      Then you shut the fuck up till he gets there.

      Good advice. Every cop I know gives the same advice.

  • A week? (Score:5, Insightful)

    by Arbitary5664 ( 1979712 ) on Tuesday May 08, 2018 @03:59PM (#56575996)
    Why not... an hour or something? It's not like people need access to transfer data via the lightning port when the device isn't within reach, and unlocking is trivial.
  • So if I hook the phone up to the car stereo via a usb cable, or to the Windows laptop via a usb cable, I'd be outta luck?

    This means I'd have to get an Android phone next. Who thought up this idiocy?

    • "So if I hook the phone up to the car stereo via a usb cable, or to the Windows laptop via a usb cable, I'd be outta luck?"
      You'd be out of luck if you haven't entered the passcode in 7 days or used your fingerprint and don't want to be bothered with authenticating by those means.

      "Who thought up this idiocy?"
      Someone who doesn't like their security controls being bypassed.

    • So if I hook the phone up to the car stereo via a usb cable, or to the Windows laptop via a usb cable, I'd be outta luck?

      iOS already requires that you use your passcode to unlock the device if it's been more than a week since the last time you used it, as well as after 24 hours if you haven't unlocked it using TouchID or FaceID during that time, and those have been true for several years now. So, if you wanted to control your music on, say, your car stereo, you'd already need to unlock your phone. This wouldn't change that.

      All this is doing is making it necessary to enter your passcode if you haven't unlocked the phone in the

  • Is there any reason not to have an option to keep USB restricted mode unless the device is *currently* unlocked? Or it has to be unlocked within the last 5 minutes? What use case is there where you want to connect USB to it but cannot unlock it? (Aside from, of course nefarious purposes)

    • Is there any reason not to have an option to keep USB restricted mode unless the device is *currently* unlocked?

      In theory right now I think you can connect a phone to the car and have music immediately playing without having to unlock the phone...

      The way people use phones though, I'd make the duration 24 hours before blocking data access as almost certainly someone will unlock a phone once every 24 hours. Seven days seems like a bit too long.

      • That's a pretty good example. What I imagine would be better is 1. I plug my phone into the car 2. My screen lights up "unlock phone for USB connectivity" 3. I unlock my phone, and authorize the usb. Then it stays connected, even if my phone locks again. If I unplug and re-plug it, I can unlock the phone again.

  • Awesome - when can I get 11.4? We need to take our privacy back!
  • iPhones already need to be unlocked before a new connected device will be authorized to access data from the phone, so that's not what this feature is for. Presumably, this new feature will prevent exploitation of flaws in the USB driver, which is presumably the exploit utilized by Cellebrite and/or Grayshift. The better long-term solution is to fix those flaws.
    The real issue is that the 7-day limitation makes it nearly useless. It's taking a bet that whatever attacker seized your phone won't use the unlock

I've got a bad feeling about this.

Working...