Apple to close Lightning port vulnerability

Lightning port vulnerability

Apple has announced an upcoming iOS upgrade will close its Lightning port vulnerability. It will block data transfers on its Lighting port when the device is locked.

The Lightning port vulnerability is one of the last ways a hacker, or law enforcement, can try to access the iPhone or iPad. The device must be in their possession.

Apple said, “We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data. We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.”

What does closing the Lightning port vulnerability mean?

The Lightning port’s primary use it for charging phones. This does not change. But after an hour of the phone being locked transferring data will be blocked.

The change, called USB Restricted Mode, is purely to close a security loophole. It ends the controversial method of law enforcement and other hackers gaining access to the phones memory and storage in their possession at any time.

From a user’s perspective, it may add one step to data transfer. A user will have to unlock the phone and keep it unlocked during data transfer.

Companies like GrayShift and Cellebrite used the Lighting port to circumvent Apple’s security that freezes the phone after a few incorrect password guesses. Given sufficient time these companies ‘cracking’ boxes that cost about $15,000 can gain access to the phones valuable records.

Lightning port vulnerabilityBut close one door, and another opens. It just means that law enforcement and hackers will look to accessing the cloud, Telco records, and other sources.

Apple summed up, “There are over 700 million iPhones in the hands of consumers. Patching any vulnerabilities as quickly as possible is necessary for a mature security posture and the only responsible path to protect the public.”