New iOS Security Feature Ripe for Defeat

Thursday, July 19, 2018

A new feature in iOS 11.4.1, which Apple released earlier this week, is designed to protect against unwanted intrusions through the iPhone's Lightning Port. However, the protection may be weak at best.

The feature, called "USB Restricted Mode," disables data transfer through the Lightning Port after an hour of inactivity.





A password-protected iOS device that has not been unlocked and connected to a USB accessory within the past hour will not communicate with an accessory or computer, and in some cases might not charge, according to Apple. Users might see a message directing them to unlock the device to use accessories.


One possible use for USB Restricted Mode could be to foil passcode-cracking solutions made by companies like Cellebrite and Grayshift, which reportedly have been used by law enforcement authorities to crack iPhones.

Users can turn off the USB Restricted Mode capability if they desire to do so.

Thwarting Data Port Intruders

Although the Lightning port may be a sweet spot for law enforcement, USB Restricted Mode has a broader purpose than protecting users from police probes, maintained Will Strafach, president of Sudo Security Group, an iOS security company in Greenwich, Connecticut.

"Exploits and vulnerabilities can be seized on by anyone," he told TechNewsWorld. "Criminals may want to steal data from the device or wipe it, so this mode is for mitigation of any kind of USB-based vulnerability."




USB Restricted Mode is "first and foremost" designed to protect its users' phones and data, maintained Andrew Blaich, head of device intelligence at Lookout, a maker of mobile security products in San Francisco.


"Law enforcement has recently been using new tools, such as GrayKey, to guess the passcode of a device to access it," he told TechNewsWorld.

However, the vulnerabilities and technical bypasses used by GrayKey -- and by solutions from Cellebrite and others -- are still unknown, he pointed out.

Smart Approach

The code GrayKey uses to break the passcode on an iPhone is a closely held secret, but it appears to load through the Lightning Port.

"So Apple's idea is to make a user enter a passcode after an hour. Otherwise the Lightning Port can only be used for power," said Sudo's Strafach.

"Without a data connection, there's no way to communicate with the data services running on the phone, so there's no way to access any vulnerabilities on the phone," he explained.

"Instead of trying to address individual vulnerabilities, Apple is addressing a whole class of vulnerabilities that need the data link to be exploited," Strafach pointed out.

"That's smart," he said. "It's taking a long-term outlook on vulnerabilities. Rather than squashing vulnerabilities as they come up, they're taking a proactive approach and mitigating the method by which these vulnerabilities are exploited."

Breaking Restricted Mode

Once USB Restricted Mode is engaged, it appears to be impossible to break, so the key to foiling the security measure is to prevent it from engaging.

Oleg Afonin, a security researcher at ElcomSoft, has described exactly how to do that in an online post.
"What we discovered is that iOS will reset the USB Restrictive Mode countdown timer even if one connects the iPhone to an untrusted USB accessory, one that has never been [connected] to the iPhone before," he wrote.

If USB Restricted Mode hasn't been engaged, a police officer can seize an iPhone and immediately connect a compatible USB accessory to prevent the USB Restricted Mode lock from engaging after one hour, he explained. Then the device can be taken to a location where a passcode cracker can be used.
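A minimal model of the countdown behaviour described above, added here as an illustration; it is not Apple's or ElcomSoft's code. The event names, the `trusted` flag and the "stricter" policy (an accessory that was never paired does not restart the hour) are assumptions made for the comparison.

```python
from dataclasses import dataclass

WINDOW = 60 * 60  # the one-hour inactivity window, in seconds

@dataclass(frozen=True)
class Event:
    t: int                 # seconds since the start of the timeline
    kind: str              # "unlock" or "accessory"
    trusted: bool = False  # accessory was paired with this phone before

def data_port_enabled(events, now, untrusted_resets_timer):
    """Model: is the data connection still available at time `now`?

    untrusted_resets_timer=True  -> behaviour described in the article
    untrusted_resets_timer=False -> hypothetical stricter policy
    """
    last_reset = None
    for ev in sorted(events, key=lambda e: e.t):
        if ev.t > now:
            break
        locked = last_reset is None or ev.t - last_reset >= WINDOW
        if ev.kind == "unlock":
            last_reset = ev.t      # a passcode unlock always restarts the hour
        elif locked:
            continue               # once engaged, an accessory cannot undo it
        elif ev.trusted or untrusted_resets_timer:
            last_reset = ev.t      # countdown restarted by the accessory
    return last_reset is not None and now - last_reset < WINDOW

# Constructed timeline: the owner unlocks at t=0, an accessory that has never
# been paired is attached 50 minutes later, and the port is checked afterwards.
TIMELINE = [Event(0, "unlock"), Event(50 * 60, "accessory", trusted=False)]

def compare(now):
    """Port state at `now` under the observed and the stricter policy."""
    return {
        "observed": data_port_enabled(TIMELINE, now, untrusted_resets_timer=True),
        "stricter": data_port_enabled(TIMELINE, now, untrusted_resets_timer=False),
    }

if __name__ == "__main__":
    for minutes in (30, 100, 120):
        print(minutes, compare(minutes * 60))
```

In this model the observed policy keeps the data port open at the 100-minute mark because the untrusted accessory restarted the countdown, while the stricter policy has already restricted the port at 60 minutes.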

What's the likelihood that a phone hasn't been unlocked within an hour of it being seized by a law enforcement agent? Quite high, according to Afonin, who noted the average user unlocks a phone around 80 times a day.


Apple did not respond to our request to comment for this story.

"Nothing is a silver bullet," warned Lookout's Blaich.

Melanoma blood test: Scientists unveil 'world-first' research

WEDNESDAY, JULY 18, 2018
Australian scientists say they have developed a blood test to detect melanoma in its early stages.
The test, billed as a world first, is designed to make it easier to spot the skin cancer before it becomes fatal, according to researchers.
Currently, doctors rely on skin examinations and biopsies to detect melanoma, which can spread quickly. Researchers say the blood test could provide more accurate results than the human eye, and save many lives.




Developed by scientists at Edith Cowan University, the test picks up melanoma by recognising auto-antibodies produced by the body to combat the cancer's early growth.

In a trial involving about 200 people - half of whom had the cancer - the test was successful in 81.5% of cases.
It will now undergo clinical trials, to take place within three years, in a bid to improve its accuracy to 90%. Researchers hope it could be approved for use within five years.

Early detection

Malignant melanoma, the most serious form of skin cancer, is mainly caused by exposure to UV radiation. It often starts with a change in a mole or a new growth on skin.
While specialists are well-trained to spot melanoma, Prof Mel Ziman, head of the research team, said the blood test could hasten diagnosis.

"Often in routine clinical practice, it can be a little difficult to tell an early stage melanoma from a mole," she told the BBC.

"This blood test will fit in when the patient goes to the clinic to determine whether the lesion is a melanoma. The physician could do the test first before feeling like they have to do a biopsy."

The study initially examined 1,627 functional proteins. After analysis, researchers identified 10 auto-antibodies that best indicated the presence of melanoma.

Prof Ziman said detecting melanoma early was critical.

"If we can remove the melanoma when it is less than 1mm thick, you have a 98-99% chance of survival," she said.

"There is no perfect solution, but it's best to assume that if someone has physical access to your phone, they will eventually be able to find a way to get in," he said. "So users need to remember to use a strong passcode to minimize unintended access when they lose possession of their device."




 
Copyright © 2015 SUCCESS WORLD NEWS