For months, police across the country have been using a device called a GrayKey to unlock dormant iPhones, using an undisclosed technique to sidestep Apple’s default disk encryption. The devices are currently in use in at least five states and five federal agencies, seen as a breakthrough in collecting evidence from encrypted devices.
But according to a new Reuters report, Apple is planning to release a new feature to iOS that would make those devices useless in the majority of cases, potentially sparking a return to the encryption standoff between law enforcement and device manufacturers.
Under the new feature, iPhones will cut off all communication through the USB port if they have not been unlocked in the past hour. Once the hour expires, the USB-C port can only be used to charge the device. The result will give police an extremely short window of time to deploy GrayKey devices successfully.
The feature, called “USB Restricted Mode,” has been present in developer betas for both iOS 12 and iOS 11.4.1, but this is the first indication that it is slated for public release. Speaking to The Verge, Apple declined to confirm that USB Restricted Mode would be present in iOS 12.
According to a Malware Bytes report published in March, GrayKey works by installing some kind of low-level software through the iPhone’s USB-C port. After plugging into the GrayKey device briefly, the target iPhone will continue to run the GrayKey software on its own, displaying the device’s passcode on-screen between two hours and three days after the software was installed.
While politically sensitive, the change will close off an entire class of attacks through the iPhone’s USB port, including attacks that copy GrayKey’s techniques. Apple described the change as a general security update rather than a response to law enforcement specifically.
“We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves, and intrusions into their personal data,” an Apple representative said in a statement. “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.”