In the wake of revelations that companies including Grayshift and Cellebrite have developed tricks to extract data from encrypted iPhones, Apple has quietly added an additional protection to the beta version of iOS 11.4: USB Restricted Mode. Discovered by security researchers Elcomsoft, the new feature is said to be “aimed squarely at law enforcement” and automatically password-locks the device’s Lightning port after seven days of inactivity. At that point, the port will only function for charging — crucially eliminating data transfers, such as backups or extractions — until the correct password is entered.

iOS 11.4’s USB Restricted Mode builds on a “lockdown record” protection added to iTunes around the release of iOS 11.3. Before iOS 11, a lockdown record enabled a computer to access certain device information and initiate iTunes backups without entering the passcode — something law enforcement personnel exploited to make backups at will. To increase device security, iOS 11 made the lockdown records expire after an unspecified period of time, while iOS 11.3 clamped down further, causing the records to expire after seven days. The changes radically reduced the timeframe for law enforcement action after seizure of a device.

Elcomsoft says that the new USB Restricted Mode is designed to prevent “device acquisition after the device has been stored for 7 consecutive days without being unlocked or connected to a (paired) computer or USB accessory.” Going forward, it says, the success rate of unlocking the iPhone will depend largely on whether it was powered on when seized and…

[SOURCE]