“The iOS 11.4 beta contains a new feature called USB Restricted Mode, designed to defeat physical data access by third parties — possibly with forensic firms like Grayshift and Cellebrite in mind,” Roger Fingas reports for AppleInsider.
“‘To improve security, for a locked iOS device to communicate with USB accessories you must connect an accessory via Lightning connector to the device while unlocked — or enter your device passcode while connected — at least once a week,’ reads Apple documentation highlighted by security firm ElcomSoft,” Fingas reports. “The feature actually made an appearance in iOS 11.3 betas, but like AirPlay 2 was removed from the finished code.”
Fingas reports, “The exact details of the hacking techniques used by Cellebrite and Grayshift’s GrayKey have been kept secret, so it’s possible they may still work after iOS 11.4 is released.”
Read more in the full article here.
MacDailyNews Take: Regardless, those concerned with security and privacy should use an alphanumeric passcode that’s seven characters – even longer is better – and mixes numbers, letters, and symbols.
To change your password in iOS:
Settings > Face ID & Passcodes > Change Passcode > Passcode Options: Custom Alphanumeric Code
Guide to iOS estimated passcode cracking times (assumes random decimal passcode + an exploit that breaks SEP throttling):
4 digits: ~13min worst (~6.5avg)
6 digits: ~22.2hrs worst (~11.1avg)
8 digits: ~92.5days worst (~46avg)
10 digits: ~9259days worst (~4629avg)
— Matthew Green (@matthew_d_green) April 16, 2018
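The arithmetic behind the table above, as an added example that is not part of the original article or the tweet. It assumes about 80 ms per guess (the rate the tweet's rows imply), uniformly random passcodes, and constructed character-set sizes, and it goes beyond the tweet's decimal rows to the alphanumeric passcodes recommended above; all function names are illustrative.

```python
# Added example: passcode search-time estimator (not from the original page).
# Assumption: ~80 ms per guess, the rate implied by the tweet's rows
# (22.2 hrs / 10**6 guesses), with retry throttling already bypassed.
SECONDS_PER_GUESS = 0.08
YEAR = 365.25 * 86400

# Assumed character-set sizes for uniformly random passcodes.
ALPHABETS = {
    "digits": 10,
    "lowercase letters": 26,
    "letters + digits": 62,
    "letters + digits + symbols": 94,  # printable ASCII without space
}

def worst_case_seconds(alphabet_size, length, rate=SECONDS_PER_GUESS):
    """Time to try every passcode of exactly `length` characters."""
    return alphabet_size ** length * rate

def average_seconds(alphabet_size, length, rate=SECONDS_PER_GUESS):
    """Expected time: a random passcode is found halfway through on average."""
    return worst_case_seconds(alphabet_size, length, rate) / 2

def min_length(alphabet_size, target_seconds, rate=SECONDS_PER_GUESS):
    """Shortest random passcode whose average search time reaches the target."""
    length = 1
    while average_seconds(alphabet_size, length, rate) < target_seconds:
        length += 1
    return length

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", YEAR), ("days", 86400), ("hrs", 3600), ("min", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} s"

if __name__ == "__main__":
    for digits in (4, 6, 8, 10):  # the tweet's rows
        print(f"{digits} digits: {humanize(worst_case_seconds(10, digits))} worst, "
              f"{humanize(average_seconds(10, digits))} avg")
    for name, size in ALPHABETS.items():
        print(f"{name}: 7 chars -> {humanize(average_seconds(size, 7))} avg; "
              f"{min_length(size, 10 * YEAR)} chars for a 10-year average")
```

These figures hold only for randomly chosen passcodes; a passcode built from dates, words or keyboard patterns falls far sooner than its length suggests.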
SEE ALSO:
GrayKey box can guess a six-digit iPhone password in 11 hours on average – April 16, 2018
Police around the U.S. can now unlock iPhones – April 12, 2018
Law enforcement uses ‘GrayKey’ box to unlock iPhones – March 16, 2018
The man who wrote those password rules has a new tip: N3v$r M1^d! – August 8, 2017
Apple Inc., thank you for making the effort to take my privacy seriously.
I’m just going to quit my job as a spy instead.
Hate to be a company or law enforcement agency that just paid a lot of money for the GrayKey hack. LOL!
MDN, a more secure recommendation is to use a long and easy-to-remember passphrase.
The creator of the strong password admitted last year that he regrets the recommendations he came up with, using letters, numbers and symbols, etc.
The longer the better and all letters is fine.
His example: Using “horsecarrotsaddlestable” would take one trillion years for a “botnet” cyber attack to crack, in contrast to a minute for “P@55w0rd”.