iOS 12 includes new iPhone USB data security protections

iOS 12 enhances USB Restricted Mode, preventing devices plugged into the Lightning port from accessing data when an iPhone, iPad or iPod touch has been locked for more than an hour.

People who sync their iOS things with iTunes may want to allow USB access when locked.

TAKEAWAYS:

  • iOS cuts access to Lightning data if the device wasn’t unlocked in the past hour.
  • USB Restricted Mode limits Lighting to charging.
  • You may be asked to unlock the device when plugging it into a computer.
  • This security measure was introduced to make passcode attacks harder.
  • USB Restricted Mode is enabled by default after the update.

“If you don’t first unlock your password-protected iOS device—or you haven’t unlocked and connected it to a USB accessory within the past hour—your iOS device won’t communicate with the accessory or computer, and in some cases, it might not charge,” as per Apple.

Restricting USB Restricted Mode further

The iOS 11.3 beta increased pairing security by requiring re-authentication of an USB device plugged into the Lightning port if your host iOS device has been locked for a week. The company removed that feature from finished iOS 11.3 code only to have it re-appear and release commercially as part of the iOS 11.4.1 software update on July 9, 2018.

You’re wholeheartedly recommended to read Apple’s support document which provides additional details about using USB accessories with iOS 11.4.1 and later.

TUTORIAL: How to set up a stronger iPhone passcode

In order to defeat physical data access by forensic firms like Cellebrite and hacking tools such as GrayKey, Apple has tightened up security in iOS 12 by narrowing the cut-off window for USB data access via the Lightning port from seven days down to just one hour.

As a result, hacking boxes are unable to run code on iOS 12 devices after the hour is up.

GrayKey hacking box uses iPhone USB data to help law enforcement officials crack your passcode

USB Restricted Access severely curtails law enforcement tools like this GrayKey box

Now that malicious parties have just an hour or less to get your phone to a cracking machine, that alone could cut access by as much as 90 percent, security researchers estimated.

Why Apple has made this change

With the change, Apple aims to protect its customers in countries where phones get frequently stolen by criminals who have extensive resources at their disposal. The feature should also help in an unfortunate case of your iPhone getting seized by a foreign law enforcement agency that may be bound by fewer legal restrictions than under US law.

Hacking tools such as the GrayKey box, pictured above, could crack a typical six-digit iPhone passcode in less than 24 hours—hence, the new one-hour security threshold in iOS 12.

To boost this important security protection even further and help its customers defend against hackers and intrusions into their personal lives, Apple now lets you adjust if USB accessories are permitted to access a locked iOS device.

Here’s how.

How to adjust iPhone USB data access

iOS 12 defaults to preventing USB accessories from connecting to a locked iOS device past the one-hour threshold until you re-authorize.

Here’s how you can adjust this behavior:

1) Open Settings on your iPhone or iPad with iOS 12 or newer.

2) Depending on the type of biometric features utilized by your device, choose Passcode, Touch ID & Passcode or Face ID & Passcode from the list, they type in your passcode.

By default, USB Restricted Mode on iOS 12 stops iPhone USB data access when locked

3) Scroll to the bottom and toggle the USB Accessories option:

  • When “USB Accessories” is toggled on—USB accessories are permitted to connect to your iOS device at any time, even if it’s been locked for more than an hour.
  • When “USB Accessories” is toggled off—Accessories cannot establish a USB data connection when your iOS device has been locked for more than an hour.

USB Restricted Mode is disabled if the USB Accessories toggle is enabled, and vice versa. USB accessories are always permitted to access data via Lighting on unlocked devices.

If your USB accessory isn’t properly recognized after you have unlocked an iOS device, disconnect the accessory, unlock your device and then reconnect the accessory.

Who would want to turn this on?

People with disabilities may want to allow USB data access at all times.

USB Restricted Mode can be configured to permit data access at any time

If you use an assistive accessory to enter your passcode, you might want to permit your iPhone or iPad to communicate with your assistive accessory even while it’s locked.

iTunes problems?

USB Restricted Mode increases security at the expense of convenience.

You won’t be able to sync with iTunes after the one hour has expired, unless you re-authorize, because USB Restricted Mode limits the Lighting port to charging. If you use iOS accessories or connect your device to a Mac or Windows PC, you may therefore need to periodically re-authenticate with your passcode, Touch ID or Face ID.

Charging issues?

If you plug an USB accessory based on the iPod Accessory Protocol (iAP) into your iOS device, you may be prompted to unlock the iOS device to permit data access.

This affects the following types of iAP devices:

  • CarPlay
  • Assistive devices
  • Charging accessories
  • Storage carts

Some third-party iAP chargers may not work if your iOS device has been locked for more than an hour, unless you reauthorize. Thankfully, Apple doesn’t require you to unlock an iOS device being charged via one of Apple’s own USB power adapters.

Need help? Ask iDB!

If you like this how-to, pass it along to your support folks and leave a comment below.

Got stuck? Not sure how to do certain things on your Apple device? Let us know via help@iDownloadBlog.com and a future tutorial might provide a solution.

Submit your own how-to suggestions via tips@iDownloadBlog.com.