[1]https://www.eff.org/deeplinks/2018/05/bring-nerds-eff-introduces-act
   ual-encryption-experts-us-senate-staff
   "And that’s what companies like Cellebrite and Grayshift do. They sell
   devices that break device security—not by breaking the encryption on
   the device—but by finding flaws in implementation."
   Somehow Cellebrite's tools work around rate limits. This implies either
   the rate limit is on the secure enclave, which can be overwritten, or
   the rate limit is not enforced by the secure enclave. So obviously
   there must be some mechanism that forces the creation of a rate limit.
   Obviously the whole issue is a matter of more research and
   experimentation....
   Although this whole argument seems to be against certificate
   authorities really...

References

   1. https://www.eff.org/deeplinks/2018/05/bring-nerds-eff-introduces-actual-encryption-experts-us-senate-staff