While it might be necessary for authorities to access data stored on handsets for criminal investigations, Apple has, historically, refused to cooperate when approached. The Cupertino firm’s efforts to protect iPhone users continues with iOS 11.4, which is currently in beta.
Expected to be publicly released in the coming weeks, iOS 11.4 will come armed with a USB Restricted Mode which will disable the Lightning port’s data functions – limiting its use to just charging a handset – if an iPhone hasn’t been unlocked in seven days. This should, ideally, prevent data stored on the device from being harvested when plugged into a computer via a USB-to-Lightning cable.
The new feature has been tested by security software company Elcomsoft and it has been confirmed that if an iPhone or iPad running iOS 11.4 hasn’t been unlocked, either via a passcode, Face ID or Touch ID, in seven days, its Lightning port will be limited to charging.
Restricted probing
According to Apple’s developer documentation, "To improve security, for a locked iOS device to communicate with USB accessories you must connect an accessory via Lightning connector to the device while unlocked – or enter your device passcode while connected – at least once a week."
As Elcomsoft points out, plugging the device into a computer after USB Restricted Mode has been enabled won’t bring up the “Trust this computer” prompt until the user unlocks the phone or iPad using a passcode or biometrics.
If law enforcement needs to access data on an Apple device during an investigation, they will have precisely seven days to do so, using tools like GrayKey. That said, there is no way for authorities to know when the phone was last unlocked, so the seven days isn’t a precise window.
The USB Restricted Mode was first introduced in an early beta version of iOS 11.3, but was removed from the final release.
