iOS 12 includes new iPhone USB data security protections

iOS 12’s USB Restricted Mode prevents USB accessories plugged into the Lightning port from accessing data after your iPhone, iPad or iPod touch has been locked for more than an hour.

For security reasons, iOS 12 closes down access to USB data through the Lightning port if the device hasn’t been unlocked in the past hour. As a result of this important change, you might be asked to unlock your iPhone, iPad or iPod touch in order to plug it into a Mac or Windows PC or connect a USB accessory after the cut-off window.

People who sync their devices with iTunes may want to allow USB access when locked.

iTunes problems?

USB Restricted Mode increases security at the expense of convenience.

See, you won’t be able to sync with iTunes past the one-hour threshold without re-authorizing your USB accessory because USB Restricted Mode limits the Lighting port to charging. If you use USB accessories or connect your iOS device to a Mac or Windows PC, you may therefore need to periodically re-authenticate with your passcode, Touch ID or Face ID.

Charging issues?

If you use USB accessories over the Lightning port which are based on the iPod Accessory Protocol (iAP), iOS may ask you unlock the device before allowing data connection.

This affects the following types of devices:

  • CarPlay
  • Assistive devices
  • Charging accessories
  • Storage carts

The change may prevent a locked device from using an iAP charger. Thankfully, you don’t need to unlock you device if it happens to be charging through one of Apple’s USB power adapters.

Restricting USB Restricted Mode further

The iOS 11.3 beta increased pairing security by requiring re-authentication of any USB devices plugged into the Lightning port in case the host device has been locked for a week. The company removed that feature from finished iOS 11.3 code only to have it re-appear in iOS 11.4.

TUTORIAL: How to set up a stronger iPhone passcode

In order to defeat physical data access by forensic firms like Cellebrite and hacking tools such as GrayKey, Apple has tightened up security in iOS 12 by narrowing the cut-off window for USB data access via the Lightning port from seven days down to just one hour.

As a result, hacking boxes are unable to run code on iOS 12 devices after the hour is up.

GrayKey hacking box uses iPhone USB data to help law enforcement officials crack your passcode

USB Restricted Access severely curtails law enforcement tools like this GrayKey box

Now that malicious parties have just hour or less to get your phone to a cracking machine, that alone could cut access by as much as 90 percent, security researchers estimated.

Why Apple has made this change

With this change, Apple aims to protect customers in countries where phones are easily obtained by criminals with extensive resources or seized by law enforcement agencies that are more often than not bound by fewer legal restrictions than under US law.

Hacking tools such as the GrayKey box, pictured above, can crack a typical six-digit iPhone passcode in less than 24 hours. The one-hour threshold in iOS 12 means that such a hacking tool may stop working after an hour of being connected to an iOS device.

To strengthen this important security protection and help its customers defend against hackers, identity thieves and intrusions into their personal data, Apple now lets you adjust if USB accessories are permitted to access a locked iOS device.

Here’s how.

How to adjust iPhone USB data access

iOS 12 defaults to preventing USB accessories from connecting to a locked iOS device past the one-hour threshold until you re-authorize.

Here’s how you can adjust this behavior:

1) Open Settings on your iPhone or iPad with iOS 12 or newer.

2) Depending on the type of biometric features utilized by your device, choose Passcode, Touch ID & Passcode or Face ID & Passcode from the list, they type in your passcode.

By default, USB Restricted Mode on iOS 12 stops iPhone USB data access when locked

3) Scroll to the bottom and toggle the USB Accessories option:

  • When “USB Accessories” is toggled on—USB accessories are permitted to connect to your iOS device at any time, even if it’s been locked for more than an hour.
  • When “USB Accessories” is toggled off—Accessories cannot establish a USB data connection when your iOS device has been locked for more than an hour.

USB accessories can always access data via the Lighting port on unlocked devices.

If your USB accessory isn’t properly recognized after you have unlocked an iOS device, disconnect the accessory, unlock your device and then reconnect the accessory.

Who would want to turn this on?

People with disabilities may want to allow USB data access at all times.

If you use an assistive accessory to enter your passcode, you might want to permit your iPhone or iPad to communicate with your assistive accessory even while it’s locked.

USB Restricted Mode can be configured to permit data access at any time

In fact, USB accessories based on iPod Accessory Protocol (iAP) may prompt you to unlock your iOS device before the operating system enables USB data access over the Lighting port.

The following types of devices are based on iAP:

  • CarPlay
  • Assistive devices
  • Charging accessories
  • Storage carts

Some third-party iAP chargers may not work if the device has been locked for more than an hour unless you reauthorize. Thankfully, Apple doesn’t require you unlock an iOS device if it’s charged via an Apple USB power adapter.

Need help? Ask iDB!

If you like this how-to, pass it along to your support folks and leave a comment below.

Got stuck? Not sure how to do certain things on your Apple device? Let us know via help@iDownloadBlog.com and a future tutorial might provide a solution.

Submit your how-to suggestions via tips@iDownloadBlog.com.