iOS 11.4 should be released within the next several weeks. With that, Apple could be implementing further security protocols on iOS that prevent devices to be used with a Mac or PC after 7 days of not unlocking the device.
According to security blog Elcomsoft, the latest iOS 11.4 beta includes a new USB Restricted Mode. It notes that this feature was originally introduced in early iOS 11.3 betas, but was later removed in the final release.
Essentially, what is happening is that if an iOS device does not have a successful unlock within a week, whether via biometrics or passcode, the Lightning port on the device will be restricted to a charging only mode.
This may be in response to companies such as GrayKey essentially cloning iOS device partitions, backing it up, and then restoring it at a later date after the iPhone has exceeded its passcode attempts. This basically locks the device in a way that it cannot be restored or updated via iTunes after the threshold period is met.
The feature will also not honor iTunes pairing records, meaning if you had a computer that was previously trusted with the device, it won’t matter until the owner unlocks the device with the passcode. The report does mention that it is unsure if methods such as GrayKey still work with iOS 11.4.
Prior to iOS 11, an iPhone or iPad that was once trusted via iTunes on a computer was still able to create a new local backup. That way, someone could easily do a DFU restore on the device and have essentially unlimited passcode attempts at the device once restored.
However, Apple took this one step further in iOS 11 with expiring lockdown records, meaning after a lockdown record expired, it could no longer communicate with the iOS device in question, requiring a new pairing prompt.
In iOS 11.3, iTunes pairing records expired after 7 days, and now it looks like Apple is wanting to further lockdown its devices in iOS 11.4 by preventing devices to communicate to iTunes at all without the passcode.
