The iPhone's New 'USB Restricted Mode' Can Be Bypassed by Cheap Accessories

Status
Not open for further replies.

jimmysmitty

Polypheme
Moderator
There is always going to be a way around. No software is 100% secure. Even encryption is not 100% although to crack some of the best it takes a massive amount of hardware power.

And the day Apple switches to a universal standard like USB Type-C is the day hell will most likely freeze over.
 

InvalidError

Titan
Moderator

It is possible to write 100% secure software - I'm pretty sure I can write a 100% secure 1Hz blinker firmware for an ATtiny8 micro-controller, it'll be as secure as the controller itself can be :)

However, writing 100% secure software becomes increasingly impractical as complexity goes up, especially on platforms that rely on heaps of boilerplate code and an OS that normal developers have no visibility into or control over.
 

ThisIsMe

Distinguished
May 15, 2009
155
0
18,680
0
It would actually be easy to fix. Apple just needs to set it to disable peripheral detection as soon as the phone is locked by default. Give the user the option to set a timer if desired. Although I don’t see why many people would have an issue with unlocking their phone before connecting such a device, so I don’t see many people even caring enough to want to disable such a good security measure.
 

Giroro

Reputable
Jan 22, 2015
454
13
4,815
13
Knowing Apple, they'll probably remove physical data pins altogether.
Anyone who wants to transfer data to the phone will need to do so using a proprietary wireless protocol that requires a MacBook and a $75 dongle.
 
Apple should just provide options in settings for users. One to only allow authenticated devices and one to never allow any device. Heck, with wireless charging. You should be able to disable the port entirely.

I wouldn’t mind enabling the peripheral connection once a month for encrypted backups in iTunes.
 

jasonkaler

Distinguished
Nov 22, 2011
478
0
19,160
105


I doubt it. I bet you $100 I'll be able to re-flash your attiny with my own malware, even if you go to the trouble of disabling the reset fuse so that it can't be re-flashed.
A mere 12v to the reset line and the tiny goes blank, ready to accept my own 2Hz blink routine!

The big problem outlined in this article is that apple secured one entry, while leaving a gaping back-door unprotected.
"Lets secure the door and use that as marketing to tell everyone how secure our devices are" while leaving door B wide open.
 
Status
Not open for further replies.

ASK THE COMMUNITY