Apple’s iOS 11.4.1 blocks tools governments use to crack open iPhones

After months of hints and restarts, Apple has included a key new security feature in the newly released iOS 11.4.1: USB Restricted Mode.
(Flickr / Wiyre Media)

After months of hints and restarts, Apple has included a key new security feature in the newly released iOS 11.4.1: USB Restricted Mode.

The new mode restricts access to iPhones by USB devices and thereby aims to stymie the tools that law enforcement, intelligence agencies and private companies like Cellebrite use to crack iPhone security and look at the data inside.

The new restricted mode is on by default. You can see it in the passcode settings on iOS devices where the setting for USB Accessories is by default off. After one hour, iOS blocks USB accessories connecting to the device through cable adapters to the phone’s Lightning port.

Will this effectively shut out tools like Cellebrite and GrayShift‘s GrayKey? It’s too early to tell the long-term impact. When the feature was in beta several weeks ago, both companies previously told customers they can likely get around new security methods. Both also cautioned customers, though, that they didn’t know what was coming in the official release.


It only took a few hours for researchers at Elcomsoft showed that connecting an iPhone to an accessory resets the USB Restricted Mode countdown and therefore seems to offer a potent bypass to the new security feature.

“In other words, we have found no obvious way to break USB Restricted Mode once it is already engaged,” Elcomsoft’s Oleg Afonin wrote. “However, we discovered a workaround.”

As Elcomsoft notes, this is something Apple could potentially fix in future releases. Does that mean a new chapter of this arms race is open?

If the companies and their government customers are unable to crack the new iOS feature, it may trigger a return to the security standoff that included the moment in 2016 when then-presidential candidate Donald Trump suggested boycotting Apple if it didn’t write code to let police access suspects’ devices.

Dave Maynor, who works on the threat intelligence team at Talos, said the new feature “may be the one of the most important iOS security updates I’ve ever seen.”


Apple did not respond to a request for comment. Last month, the company explained the feature.

“We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data,” an Apple spokesperson said in a statement. “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.”

Latest Podcasts