Apple Just Released A New Feature That Prevents Police From Unlocking iPhones

The new feature could prevent firms like Cellebrite, which reportedly helped the FBI in the San Bernardino case, from gaining access to locked devices.


Today, Apple released iOS version 11.4.1, which includes the new USB Restricted Mode security feature. You can find the feature in Settings > Face ID (or Touch ID) & Passcode. Leave the feature disabled for the most security. Turn the feature on to remove the one hour passcode requirement.

Apple is adding a new feature that could block methods police use to download data from locked iPhones.

Last week, at Apple's annual developer conference, the company unveiled the latest version of its operating system for iPhone and iPad, iOS 12. In addition to tools to break your iPhone addiction, "Memojis," and group FaceTime, Apple is also rolling out a new security feature in the update called USB Restricted Mode, which prevents tools used by law enforcement to unlock devices, reports Motherboard. The company acknowledged to Reuters that the feature was designed in part for users in countries where phones are easily obtained by police and criminals.

In an emailed statement, an Apple spokesperson wrote, “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs." Apple also said it has staff available 24/7 who are dedicated to assisting law enforcement with information requests. The company has long challenged the FBI's request to break into a passcode-protected iPhone used by one of the San Bernadino shooters.

With USB Restricted Mode on, iPhone users will need to enter their passcode every hour to maintain a USB connection for data transfer.

A passcode is currently required when transferring data from an iPhone to a computer through iTunes. But mobile forensic firms figured out how to work around the need for a passcode and transfer data from the iPhone without it.

The new USB Restricted Mode on iOS 12 closes that loophole. When this feature is turned on, the phone's Lightning port is disabled for data transfer one hour after the phone is locked, but can still be used for charging with a power adapter. To transfer any data after that one-hour window has expired, whether via iTunes or other means, the device will require a passcode.

When you first plug in your iPhone to a computer, iTunes will ask you to "Trust" this computer. Those trusted secondary devices allow tools to access iPhone data without the passcode — unless USB Restricted Mode is enabled.

Oleg Afonin of the ElcomSoft security blog explains that the loophole involved using a small file extracted from the suspect's computer or other "trusted device" called a lockdown record. This file allowed iPhone cracking software to create a backup of the phone and access its data (pictures, videos, apps, etc.) without a passcode. USB Restricted Mode, however, will not allow those tools to bypass the passcode. Data transfer via USB will be completely shut off without reentering the iPhone's passcode every hour.

USB Restricted Mode can be turned on in the iOS 12 beta version of the Settings app, under Face ID & Passcode. A version of USB Restricted Mode was introduced in the iOS 11.4 beta update and required passcode reentry every seven days to maintain a USB connection. The new iOS 12 feature has shortened that requirement to every hour.

The feature would prevent mobile forensic firms like Cellebrite, which reportedly helped the FBI unlock the iPhone in the San Bernardino shooting case, gain access to iOS devices.

iOS 11.4.1 & 12 include USB Restricted Mode. This feature forces users to unlock an iPhone w/ passcode when connecting to a USB accessory everytime the phone has not been unlocked for an hour. A major blow to Cellebrite & GrayShift, which police depts use to hack into iPhones.

USB Restricted Mode would also block another tool shown to have been used by law enforcement to extract data from locked devices, called GrayKey, made by a company called Grayshift. Both GrayKey and Cellebrite's method require physical access to the device.

In response to the feature's announcement, a Department of Justice official told Politico that the FBI may be able to claim an exigent need (or time-sensitive circumstances under which a warrant is not required) to access data from a device within the first hour. Apple and the DOJ did not immediately respond to request for comment.

My story on Apple turning off data transfer through the Lightning port on devices that have been locked for an hour: DOJ official told me FBI may now be able to claim an exigent need to extract data from seized devices w/in 1st hour *without a warrant*.

The iOS 12 developer beta is available now, and the public beta is coming soon (sign up at — but be warned: Betas are buggy and you should definitely back up your device before installing.


Text updated with a response from a Department of Justice official, reported by Politico.


An explanation from security blog ElcomSoft regarding how the loophole works has been added to the text for clarification.

Skip to footer