X

Apple to close iPhone security hole used by police, criminals

The Lightning port won't let anyone access data after an iPhone has been locked for an hour

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
2 min read
apple-iphone-8-drop-test-smashed-broken4669

Cracking iPhones -- as in accessing their data -- will be harder when Apple rolls out USB Restricted Mode.

James Martin/CNET

Apple will make a method -- often used by police -- for getting data off iPhones much less powerful with a software update announced Wednesday.

The change, called USB Restricted Mode, will close down access to data through a iPhone's Lightning port if the phone hasn't been unlocked in the past hour. 

The update isn't meant to hold back law enforcement efforts, Apple said Wednesday, but to close a security hole that put customers at risk. Not just police, but identity thieves could use the Lightning port to access data. What's more, Apple reportedly told Reuters, some of its customers live in countries where police take possession of phones whenever they want.

"At Apple, we put the customer at the center of everything we design," the Apple said in an emailed statement. "We're constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data. We have the greatest respect for law enforcement, and we don't design our security improvements to frustrate their efforts to do their jobs."

The announcement is one more piece of Apple's effort to position itself as a champion of user privacy, an approach that has put it at odds with law enforcement in the US. In 2016, the company refused a demand from the FBI that it create software to circumvent encryption technology on an iPhone that had belonged to a suspect in a mass shooting in San Bernardino, California. That stand-off ended when the Department of Justice said it had found a third party that could unlock the iPhone without Apple's help.

The FBI declined to comment for this story. Apple pointed out Wednesday that it has responded to thousands of requests from US law enforcement for access to customer data -- more than 14,000 in 2017.

Currently, law enforcement and others can plug specialized tools made by cybersecurity experts into the phone's Lightning port to access data. Apple hinted at the change in early versions of its iPhone software, iOS. Software developers noticed it in the beta version iOS 11.3 before it disappeared from the publicly released version of the software. Then it was named again in release notes for the beta version of iOS 11.4.

Apple didn't say which future version of iOS would contain the update.

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

Apple: See what's up with the tech giant as it readies new iPhones and more.