Skip to main content

iOS 11.4’s USB Restricted Mode prevents tethered cracking attempts, Lightning becomes charge-only

iOS 11.4 should be released within the next several weeks. With that, Apple could be implementing further security protocols on iOS that prevent devices to be used with a Mac or PC after 7 days of not unlocking the device.

According to security blog Elcomsoft, the latest iOS 11.4 beta includes a new USB Restricted Mode. It notes that this feature was originally introduced in early iOS 11.3 betas, but was later removed in the final release.

To improve security, for a locked iOS device to communicate with USB accessories you must connect an accessory via lightning connector to the device while unlocked – or enter your device passcode while connected – at least once a week

Essentially, what is happening is that if an iOS device does not have a successful unlock within a week, whether via biometrics or passcode, the Lightning port on the device will be restricted to a charging only mode.

This may be in response to companies such as GrayKey essentially cloning iOS device partitions, backing it up, and then restoring it at a later date after the iPhone has exceeded its passcode attempts. This basically locks the device in a way that it cannot be restored or updated via iTunes after the threshold period is met.

The feature will also not honor iTunes pairing records, meaning if you had a computer that was previously trusted with the device, it won’t matter until the owner unlocks the device with the passcode. The report does mention that it is unsure if methods such as GrayKey still work with iOS 11.4.

Otherwise, the Lightning port will lock down to charge only mode. The iPhone or iPad will still charge, but it will no longer attempt to establish a data connection. Even the “Trust this computer?” prompt will not be displayed once the device is connected to the computer, and any existing lockdown records (iTunes pairing records) will not be honoured until the user unlocks the device with a passcode.

Prior to iOS 11, an iPhone or iPad that was once trusted via iTunes on a computer was still able to create a new local backup. That way, someone could easily do a DFU restore on the device and have essentially unlimited passcode attempts at the device once restored.

However, Apple took this one step further in iOS 11 with expiring lockdown records, meaning after a lockdown record expired, it could no longer communicate with the iOS device in question, requiring a new pairing prompt.

In iOS 11.3, iTunes pairing records expired after 7 days, and now it looks like Apple is wanting to further lockdown its devices in iOS 11.4 by preventing devices to communicate to iTunes at all without the passcode.


Check out 9to5Mac on YouTube for more Apple news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel