Ever since Apple refused to build a backdoor into iOS for law enforcement to exploit, agencies around the world have been fast at work developing methods to break into iPhones. Of note were third-party forensic firms like Cellebrite and Grayshift that had developed tools that could bypass the encryption and protections offered by iOS 11. Given Apple’s hard stance on protecting user privacy, the company too has been working on ensuring that no one is able to find ways to gain illicit access to user data. One way they have ensured this is with the introduction of the USB Restrict mode which has been pushed to all iPhones with the iOS 11.4.1 OTA update.
USB Restrict Mode is supposed to block access to data on the iPhone if the iPhone has been locked with a passcode for over an hour. This particular feature seems squarely aimed at the GrayKey unlocking tool. GrayKey is an unlocking tool developed by GrayShift which has two lightning cables to plug into iPhones. The iPhones can be removed after two minutes of being plugged into the device, but the cracking software will continue running on the iPhones, eventually revealing the passcode and other details on the iPhone screen. Apple’s USB Restrict mode theoretically should block GrayKey and other alleged tools that use similar exploits.