According to Reuters, Apple has decided to change the default settings in iOS to cut off communication through the USB port when the device hasn’t been unlocked in the past hour. In doing so, the company aims to protect all customers, especially in countries where phones are readily obtained by police or by criminals with extensive resources.
Currently, forensic companies like GrayShift, Cellebrite, and others connect through the USB port to bypass security provisions that limit how many password guesses can be made on a device before it freezes or erases data. Under new USB Restricted Mode settings, this will no longer be possible on devices after one hour.
According to Reuters:
Apple representatives said the change in settings will protect customers in countries where law enforcement seizes and tries to crack phones with fewer legal restrictions than under U.S. law. They also noted that criminals, spies and unscrupulous people often use the same techniques. Even some of the methods most prized by intelligence agencies have been leaked on the internet.
Law enforcement, meanwhile, is not too happy with Apple’s focus on user security and privacy:
“If we go back to the situation where we again don’t have access, now we know directly all the evidence we’ve lost and all the kids we can’t put into a position of safety,” said Chuck Cohen, who leads an Indiana State Police task force on internet crimes against children. The Indiana State Police said it unlocked 96 iPhones for various cases this year, each time with a warrant, using a $15,000 device it bought in March from a company called Grayshift.”
The iPhone maker confirms the switch has been documented on the beta versions of iOS 11.4.1 and iOS 12. It will be made permanent in a future general release.
In a prepared statement, the company notes:
We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data. We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.
Naturally, this switch might not sit well with law enforcement. However, it shouldn’t come as a surprise. Apple has long fought legislation or other ways to force technology companies to maintain access to users’ communications. In 2016, for example, it went to court to challenge an order that required it to break into an iPhone 5c used by a killer in San Bernardino. Eventually, the FBI found another way to break into the phone.
Back in May, it was discovered iOS 11.4 included a new feature called USB Restricted Mode. Under that iOS version, Apple imposed a seven-day window during which accessories can use the USB data connection over the Lightning port. In iOS 11.4.1 and iOS 12, it looks like further restrictions are coming.