{"id":1630,"date":"2013-07-09T13:38:39","date_gmt":"2013-07-09T18:38:39","guid":{"rendered":"https:\/\/neosmart.net\/blog\/?p=1630"},"modified":"2013-07-09T13:44:24","modified_gmt":"2013-07-09T18:44:24","slug":"apple-finally-locks-down-the-usb-port-ios-7","status":"publish","type":"post","link":"https:\/\/neosmart.net\/blog\/apple-finally-locks-down-the-usb-port-ios-7\/","title":{"rendered":"Apple finally locks down the USB port in iOS 7"},"content":{"rendered":"<p>One of the basic principles of computer security is that if someone has physical access to a machine, compromising it is simply a matter of time (yes, even technologies like whole-disk encryption via GPG\/PGP, BitLocker, or TrueCrypt are often <a title=\"evil maid explained\" href=\"http:\/\/theinvisiblethings.blogspot.com\/2009\/10\/evil-maid-goes-after-truecrypt.html\" rel=\"follow\">still susceptible to &#8220;Evil Maid&#8221; attacks<\/a>). But while all devices are vulnerable to hands-on attacks, some devices are more vulnerable than others.<\/p>\n<p>Innocuous-looking USB accessories for both PCs and smartphones have long been a preferred for attacks aiming to gain unauthorized access to a machine. Devices that look like USB sticks can easily direct a computer they&#8217;re plugged into to dump data to an external device or online file storage by mimicking a keyboard\/mouse, an attack no antivirus or antimalware software can prevent. Smartphones have been susceptible to similar attacks, even from something as seemingly-innocent <a href=\"http:\/\/www.bbc.co.uk\/news\/technology-22764815\" rel=\"follow\">as a regular phone charger<\/a>. These hardware-based attacks have been well-documented, and while a passcode on the device <a href=\"http:\/\/www.mnn.com\/green-tech\/gadgets-electronics\/stories\/why-plugging-in-your-iphone-could-come-at-a-price\" rel=\"follow\">can mitigate such attempts<\/a>, it&#8217;s no cure-all.<\/p>\n<p><!--more--><\/p>\n<p>With iOS 7, Apple has introduced a new feature called &#8220;trusted devices&#8221; which requires the user to actually authorize the attached USB &#8220;charger&#8221;\/accessory to access data on the device. When plugging in an iPhone to a computer (or a computer masquerading as a charger), the user sees a prompt as in the screen below:<\/p>\n<p><a href=\"\/blog\/wp-content\/uploads\/Attachment-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-1631 alignnone colorbox-1630\" style=\"display: block;\" alt=\"iPhone Trusted Devices\" src=\"\/blog\/wp-content\/uploads\/Attachment-1.png\" width=\"320\" height=\"480\" srcset=\"https:\/\/neosmart.net\/blog\/wp-content\/uploads\/Attachment-1.png 640w, https:\/\/neosmart.net\/blog\/wp-content\/uploads\/Attachment-1-200x300.png 200w\" sizes=\"auto, (max-width: 320px) 100vw, 320px\" \/><\/a><\/p>\n<blockquote><p><strong>Trust the currently connected computer?<\/strong><\/p>\n<p>Trusting this computer will allow it full access to your device and all of its data.<\/p><\/blockquote>\n<p>This prompt is only shown on an unlocked iPhone and until the user selects the \u201ctrust\u201d option, the iPhone will treat the connected accessory as a \u201cdumb\u201d power source and not present any USB mass storage device interfaces, rendering USB-based attacks to a (<strong><em>locked<\/em><\/strong>) iPhone ineffective.<\/p>\n<p>Combined with some of the other security improvements shipped in the next iOS update (\u201cFind my iPhone\u201d enabled even after full device format, iTunes account-based activation lock after full format, etc.), iOS 7 is shaping up to be the most security-centric release to date.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>One of the basic principles of computer security is that if someone has physical access to a machine, compromising it is simply a matter of time (yes, even technologies like whole-disk encryption via GPG\/PGP, BitLocker, or TrueCrypt are often still &hellip; <a href=\"https:\/\/neosmart.net\/blog\/apple-finally-locks-down-the-usb-port-ios-7\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":505,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[107,19,845,868,348,12],"class_list":["post-1630","post","type-post","status-publish","format-standard","hentry","category-software","tag-apple","tag-hardware","tag-ios","tag-ios-7","tag-iphone","tag-security"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p4xDa-qi","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/neosmart.net\/blog\/wp-json\/wp\/v2\/posts\/1630","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/neosmart.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/neosmart.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/neosmart.net\/blog\/wp-json\/wp\/v2\/users\/505"}],"replies":[{"embeddable":true,"href":"https:\/\/neosmart.net\/blog\/wp-json\/wp\/v2\/comments?post=1630"}],"version-history":[{"count":4,"href":"https:\/\/neosmart.net\/blog\/wp-json\/wp\/v2\/posts\/1630\/revisions"}],"predecessor-version":[{"id":1634,"href":"https:\/\/neosmart.net\/blog\/wp-json\/wp\/v2\/posts\/1630\/revisions\/1634"}],"wp:attachment":[{"href":"https:\/\/neosmart.net\/blog\/wp-json\/wp\/v2\/media?parent=1630"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/neosmart.net\/blog\/wp-json\/wp\/v2\/categories?post=1630"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/neosmart.net\/blog\/wp-json\/wp\/v2\/tags?post=1630"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}