Apple iOS 12 USB Restricted Mode to foil thieves, law enforcement

A rumored security feature, USB Restricted Mode, is making its premiere in Apple's iOS 12 and will protect users from brute-force passcode attacks by thieves and law enforcement alike.

A security feature that had popped up in beta versions of Apple's iOS software appears to be coming in earnest as part of iOS 12, and it will protect devices against anyone trying to unlock them via USB.

USB Restricted Mode is described in the iOS 12 settings as the option to enable or deny the ability to "unlock [an] iPhone to allow USB accessories to connect when it has been more than an hour since your iPhone was locked." In practice, this means a device will require a passcode unlock in order to connect any Lightning-to-USB accessory after the one-hour time limit has passed.

Apple didn't mention USB Restricted Mode during the keynote at its Worldwide Developers Conference on Monday, but developers saw it in the iOS 12 preview, which was released that same day. The setting is on by default and covers any type of security on an iOS device -- Touch ID, Face ID and passcode.

Experts noted USB Restricted Mode will protect users' data if a device is stolen, but it will also prevent law enforcement from using unlocking services from companies like GrayKey and Cellebrite -- the latter of which was rumored to have helped the FBI unlock the San Bernardino, Calif., shooter's iPhone.

Earlier tests of USB Restricted Mode had allowed for a one-week time limit, reportedly spurring GrayKey to alert customers to this feature when it surfaced in the iOS 11.3 beta, according to internal email messages obtained by Motherboard. A one-hour time limit could effectively make it impossible for customers to get the device to a company like GrayKey in time to gain brute-force access.

Rusty Carter, vice president of product management at Arxan, based in San Francisco, said USB Restricted Mode "is really about increasing the security of the device."


"If the device is vulnerable to brute-force attacks via wired connection, other security features, like being able to wipe the device after 10 unsuccessful authentication attempts, are rendered useless ... they are effectively a false sense of security," Carter wrote via email. "Effectively, any data is vulnerable, unless the individual app developer has done the right thing both to secure and encrypt user data and require more than stored credentials or identity to access the data with their app, which is rarely the case today."

John Callahan, CTO of Veridium, based in Quincy, Mass., said, as a developer, his initial reaction to USB Restricted Mode was, "Great, now I'll have to unlock the phone every time I go to debug a mobile app with Xcode." But he later realized it could have protected a lot of stolen devices if it had been implemented in an earlier version of iOS.

"USB Restricted Mode in iOS 12 is a big win for users, because we are keeping more personally identifiable information on our mobile devices, including healthcare, identification and biometric data. Our phones have become our digital wallets, and we expect a maximum level of privacy and convenience," Callahan wrote via email. "Android devices, ironically seen as less secure, have long required unlocking when connected in USB Debug mode. In many ways, Apple is playing catch-up with respect to physical device security."
