iOS 12 may be the hottest iPhone operating system you can run right now, but that's still in beta. If you want finalized software, iOS 11.4.1 is the one you need, which Apple made available earlier this week.

In addition to the expected fixes and improvements, iOS 11.4.1 brings over a feature that's called USB Restricted Mode, whose purpose is to prevent those iPhone hacking machines that law enforcement is using to bypass the screen lock from hacking iOS devices. It turns out Apple’s hack fix was already cracked.

"Cracked” is perhaps a too generous term as Elcomsoft, the company who made the discovery, didn't attempt any actual hacks. Instead, it just discovered a workaround that would make it easier to police to hack an iPhone seized during an investigation well after the first hour.

What USB Restricted Mode does is to block data communications over the Lightning port an hour after the iPhone or iPad was last unlocked. Apple’s trick should prevent gadgets like Grayshift from brute-forcing the screen lock — guessing the right combination by trying every possible PIN:

We performed several tests, and can now confirm that USB Restricted Mode is maintained through reboots, and persists software restores via Recovery mode. In other words, we have found no obvious way to break USB Restricted Mode once it is already engaged.

But the same Elcomsoft says the workaround it discovered back in May still works on iOS 11.4.1. All police need to do to prevent USB Restricted Mode is to have a Lightning accessory at hand:

What we discovered is that iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been paired to the iPhone before (well, in fact the accessories do not require pairing at all). In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.

Of course, this only works if the device hadn't entered in USB Restricted Mode by the time the police obtained it.

Source: bgr