First appeared in the beta version of iOS 11.3, but it became more prominent in the iOS 11.4 beta. The USB limitation mode in the latest iOS 12 beta needs to be unlocked.iPhoneSo that the data is transmitted through the Lightning port. According to Motherboard, if the iPhone has not been unlocked in the past hour, this mode will prevent the USB accessory from being connected.
In previous implementations, if the accessory was connected when the device was unlocked and the password was entered at least once a week, the USB Restricted Mode allows the locked iOS device to communicate with the USB accessory. Test versions of iOS 11.4.1 and iOS 12 enable the USB throttling mode by default, but they can be disabled under the "Touch ID and Password" of the device's Settings application. Changing to an hour limit means that government agencies and law enforcement agencies have little opportunity to use unlocking services and tools to obtain data from devices.
Cellebrite, a judicial security company, allegedly helped the FBI unlock the iPhone after the San Bernardino shooting incident, and Grayshift's GrayKey tool usually relied on physical access devices. Because law enforcement needs to ensure that the device is unlocked within the window, the iPhone is made available until these forensic tools can be used. But it is much more difficult now. Apple's current practice has almost killed the business of GrayKey and Cellebrite, which does not allow any type of data connection to occur until the device is unlocked. If you cannot communicate with it, you cannot use the device.
Although the window of the hour unit makes the unlocking process more difficult, there may still be a solution. In May of this year, security firm ElcomSoft suggested that connecting the iPhone to a paired accessory or computer while the iPhone is unlocking can expand the restricted mode window, and that centralized management hardware may completely disable the mode.
So far, the USB throttling model has only appeared in the beta version, not the fully released version of iOS, so its appearance in the first iOS 12 beta does not necessarily mean that security features will be available when the mobile operating system is released. For public use. The details of how Cellebrite and GrayKey invaded iPhones and iPads are a closely guarded secret, and although they may be defeated by the USB-restricted model, the companies involved are likely to have more extreme techniques that could be used as alternative extraction options. For example, the target device may be disassembled to allow direct access to the flash memory to copy the data, and then use these copies to attack the device's password.