New ‘USB Restricted Mode’ in iOS 11.4 Limits Law Enforcement Access

Highlighted first by the Russian software security experts over at Elcomsoft, the upcoming iOS 11.4 update seems to include a new ‘USB Restricted Mode’ that limits access to iOS devices by law enforcement tools like the GrayKey box, by automatically disabling the Lightning connector if an iPhone hasn’t been unlocked for 7 days (via MacRumors).

Iphone lock

According to Elcomsoft’s official blog, once an iPhone or iPad has been updated to iOS 11.4 and it hasn’t been unlocked or connected to a paired computer in the last 7 days using a passcode, its Lightning port becomes useless for data access and is only limited to charging.

In its developer documentation, Apple notes the new mode is meant to boost security on iOS devices: “To improve security, for a locked iOS device to communicate with USB accessories you must connect an accessory via Lightning connector to the device while unlocked – or enter your device passcode while connected – at least once a week.” 

The experts say the feature made its first appearance in the iOS 11.3 Beta, but was later removed from the final release.

“At this point, it is still unclear whether the USB port is blocked if the device has not been unlocked with a passcode for 7 consecutive days; if the device has not been unlocked at all (password or biometrics); or if the device has not been unlocked or connected to a trusted USB device or computer.

In our test, we were able to confirm the USB lock after the device has been left idle for 7 days. During this period, we have not tried to unlock the device with Touch ID or connect it to a paired USB device. What we do know, however, is that after the 7 days the Lightning port is only good for charging.”

While the new feature may not prevent tools like the GrayKey box from being used on an iOS device all together, it does however severely limit the amount of time that law enforcement officials have to get into a passcode locked device.