The iPhone's New 'USB Restricted Mode' Can Be Bypassed by Cheap Accessories

[Lucian Armasu]

Lack of authentication for iPhone accessories can now allow forensics tools companies to bypass Apple's USB Restricted Mode.

The iPhone's New 'USB Restricted Mode' Can Be Bypassed by Cheap Accessories : Read more

 

[jimmysmitty]

There is always going to be a way around. No software is 100% secure. Even encryption is not 100% although to crack some of the best it takes a massive amount of hardware power.

And the day Apple switches to a universal standard like USB Type-C is the day hell will most likely freeze over.

 

[InvalidError]

No software is 100% secure.

It is possible to write 100% secure software - I'm pretty sure I can write a 100% secure 1Hz blinker firmware for an ATtiny8 micro-controller, it'll be as secure as the controller itself can be

However, writing 100% secure software becomes increasingly impractical as complexity goes up, especially on platforms that rely on heaps of boilerplate code and an OS that normal developers have no visibility into or control over.

 

[Mpablo87]

Oh! One more useless device. And it will cost you 1000000000000 dollars. I don't like their products.

 

[ThisIsMe]

It would actually be easy to fix. Apple just needs to set it to disable peripheral detection as soon as the phone is locked by default. Give the user the option to set a timer if desired. Although I don’t see why many people would have an issue with unlocking their phone before connecting such a device, so I don’t see many people even caring enough to want to disable such a good security measure.

 

[Giroro]

Knowing Apple, they'll probably remove physical data pins altogether.
Anyone who wants to transfer data to the phone will need to do so using a proprietary wireless protocol that requires a MacBook and a $75 dongle.

 

[velocityg4]

Apple should just provide options in settings for users. One to only allow authenticated devices and one to never allow any device. Heck, with wireless charging. You should be able to disable the port entirely.

I wouldn’t mind enabling the peripheral connection once a month for encrypted backups in iTunes.

 

[jasonkaler]

I'm pretty sure I can write a 100% secure 1Hz blinker firmware for an ATtiny8 micro-controller, it'll be as secure as the controller itself can be

I doubt it. I bet you $100 I'll be able to re-flash your attiny with my own malware, even if you go to the trouble of disabling the reset fuse so that it can't be re-flashed.
A mere 12v to the reset line and the tiny goes blank, ready to accept my own 2Hz blink routine!

The big problem outlined in this article is that apple secured one entry, while leaving a gaping back-door unprotected.
"Lets secure the door and use that as marketing to tell everyone how secure our devices are" while leaving door B wide open.