In a change possibly targeted at law enforcement, Apple is changing iOS to disable the USB port after a device is idle for seven days, and only a user unlock can reverse it.
iOS 11.4, currently in public beta, adds a feature designed to frustrate law enforcement and device thieves: If a device isn't unlocked over the course of seven days, data connections from its USB port are disabled.
Called USB Restricted Mode, the change was first reported by Russian software firm ElcomSoft. After seven days of inactivity, USB Restricted Mode prevents the port from being used to do anything except charge the device.
iOS devices in USB Restricted Mode communicate nothing to a connected computer—even the dialog window asking whether it's a trusted machine won't appear. If the device's owner unlocks their iPhone or iPad with a passcode or via biometric identification, USB Restricted Mode is disabled and the seven-day countdown starts over.
Apple's relationship with law enforcement soured in 2016 after the FBI sued the company to gain access to the San Bernardino shooter's iPhone, which Apple was reluctant to do. The suit was dropped after the FBI managed to use third-party software to bypass security, and investigators wouldn't tell Apple how they gained access.
SEE: IT physical security policy (Tech Pro Research)
USB Restricted Mode seems to be Apple putting its foot down—hard—by giving law enforcement only seven days to gain access to a device before it's effectively unlockable. Device thieves intent on wiping phones will be affected as well, but given Apple and the FBI's history it's a safe assumption that law enforcement is the primary target.
A pro-user change in an ongoing battle
Tech devices have settled in to a legal gray area that is quickly becoming a morass that seems unlikely to be resolved soon.
As more of our lives, both legal and otherwise, become digital, law enforcement will need to issue warrants for digital information—which by all rights shouldn't be any more unreachable than physical documents kept in a safe: If the warrant covers it, law enforcement will get access regardless of safe manufacturer concerns or cries of personal privacy.
On the other hand Apple, and companies likely to follow suit by implementing their own USB Restricted Modes, are right in being concerned about governments having backdoors to their devices—they've been stolen before and in all likelihood will be stolen again.
It will take some time for a compromise between device manufacturers and law enforcement that will both protect user privacy and give investigators access to data they require for their investigations. Until then, Apple users can at least rest assured that their devices are a bit more secure from intrusion in iOS 11.4 than they were before.
The big takeaways for tech leaders:
- USB Restricted Mode, a new feature of iOS 11.4, will block data connections to iOS devices' data ports if the device hasn't been unlocked in seven days.
- Restricted Mode cannot be disabled without a passcode unlock or biometric login, which deactivate it immediately.
- 10 ways to raise your users' cybersecurity IQ (free PDF) (TechRepublic)
- FBI says it can't access Texas gunman's encrypted iPhone (ZDNet)
- Digital forensics: A cheat sheet (TechRepublic)
- FBI allowed to keep secret details of iPhone hacking tool, court rules (ZDNet)
- Digital forensics resembles the Wild West when it comes to regulation (TechRepublic)