Apple has announced plans to tweak the default settings for iPhones in a bid to fix a security hole that has often been utilized by law enforcement to break into the devices via USB.
The company told Reuters it aims to protect all customers, especially in countries where phones are readily obtained by police or by criminals with extensive resources, and to head off further spread of the attack technique.
The US tech giant said it will change default settings in the iPhone operating system to cut off communication through the USB port when the phone has not been unlocked in the past hour.
That port is how machines made by forensic companies GrayShift, Cellebrite and others connect and get around the security provisions that limit how many password guesses can be made before the device freezes them out or erases data.
Following the change, those machines will be unable to run code on the devices after the hour is up, according to the Reuters report.
Apple representatives were quoted as saying that the change in settings will protect customers in countries where law enforcement seizes and tries to crack phones with fewer legal restrictions than under US law.
They also noted that criminals, spies and unscrupulous people often use the same techniques. Even some of the methods most prized by intelligence agencies have been leaked on the internet.
“We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data,” Apple said in a prepared statement.
“We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.”
Apple began working on the USB issue before learning it was a favorite of law enforcement.
The setting switch had been documented in beta versions of iOS 11.4.1 and iOS 12, and Apple told Reuters it will be made permanent in a forthcoming general release.
Apple said that after it learned of the techniques, it reviewed the iPhone operating system code and improved security.
With the changes, police or hackers will typically have an hour or less to get a phone to a cracking machine. That could cut access by as much as 90 percent, according to the report.