The iPhone's New 'USB Restricted Mode' Can Be Bypassed by Cheap Accessories

Status
Not open for further replies.

jimmysmitty

Champion
Moderator
Oct 5, 2007
19,479
117
58,340
Best answers
998
There is always going to be a way around. No software is 100% secure. Even encryption is not 100% although to crack some of the best it takes a massive amount of hardware power.

And the day Apple switches to a universal standard like USB Type-C is the day hell will most likely freeze over.
 

InvalidError

Titan
Moderator
May 18, 2007
16,186
207
81,640
Best answers
2,361

It is possible to write 100% secure software - I'm pretty sure I can write a 100% secure 1Hz blinker firmware for an ATtiny8 micro-controller, it'll be as secure as the controller itself can be :)

However, writing 100% secure software becomes increasingly impractical as complexity goes up, especially on platforms that rely on heaps of boilerplate code and an OS that normal developers have no visibility into or control over.
 

Mpablo87

Reputable
Dec 10, 2015
47
0
4,530
Best answers
0
Oh! One more useless device. And it will cost you 1000000000000 dollars. I don't like their products.
 

ThisIsMe

Distinguished
May 15, 2009
155
0
18,680
Best answers
0
It would actually be easy to fix. Apple just needs to set it to disable peripheral detection as soon as the phone is locked by default. Give the user the option to set a timer if desired. Although I don’t see why many people would have an issue with unlocking their phone before connecting such a device, so I don’t see many people even caring enough to want to disable such a good security measure.
 

Giroro

Reputable
Jan 22, 2015
432
5
4,815
Best answers
13
Knowing Apple, they'll probably remove physical data pins altogether.
Anyone who wants to transfer data to the phone will need to do so using a proprietary wireless protocol that requires a MacBook and a $75 dongle.
 

velocityg4

Splendid
Nov 21, 2006
3,868
55
30,340
Best answers
979
Apple should just provide options in settings for users. One to only allow authenticated devices and one to never allow any device. Heck, with wireless charging. You should be able to disable the port entirely.

I wouldn’t mind enabling the peripheral connection once a month for encrypted backups in iTunes.
 

jasonkaler

Distinguished
Nov 22, 2011
478
0
19,160
Best answers
105


I doubt it. I bet you $100 I'll be able to re-flash your attiny with my own malware, even if you go to the trouble of disabling the reset fuse so that it can't be re-flashed.
A mere 12v to the reset line and the tiny goes blank, ready to accept my own 2Hz blink routine!

The big problem outlined in this article is that apple secured one entry, while leaving a gaping back-door unprotected.
"Lets secure the door and use that as marketing to tell everyone how secure our devices are" while leaving door B wide open.
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS