Apple’s latest iteration of iOS has reportedly turned the GrayKey hacking device into an expensive doorstop. Law enforcement around the world has taken to using GrayKey to break into locked iPhones but it appears Apple has finally gotten ahead of the device’s crafty manufacturers. For now.
Forbes’ Thomas Brewster has been on top of the GrayKey saga from the beginning. On Wednesday, he cited sources from the forensic community who’ve told him that Apple’s efforts to keep bad actors and law enforcement from cracking into its users’ phones have paid off. According to the report, the $15,000 tool made by a shadowy company called Grayshift is now only capable of performing a “partial extraction” of data. It can pull a few unencrypted files and some metadata that’s virtually worthless.
One source that went on the record for Forbes, Captain John Sherwin of the Rochester Police Department in Minnesota, confirmed that the release of iOS 12 has hobbled GrayKey’s ability to unlock a phone. “That’s a fairly accurate assessment as to what we have experienced,” he told Forbes.
It’s still unclear what exact change could have been made to shut GrayKey out. Previous reporting has told us that the tool uses a workaround to brute force its way in by guessing a users’ password until it gets it right. Apple has protections in place to stop that kind of tactic and GrayShift’s methods are a closely held secret. Not much is known about the company. In March, Forbes reported that GrayShift counts at least one ex-Apple security engineer as part of its team. You can’t even view its website without a login given to members of law enforcement, though there have been indications that it works with private entities in some capacity as well.
With iOS 12, Apple implemented a highly-anticipated change called “USB Restricted Mode.” This shuts off lightning port access on the iPhone if it hasn’t been unlocked by a user in the last hour. This was widely believed to be Apple’s solution to foil companies like GrayShift and Cellebrite but we don’t know for certain if that did the trick. Apple did not return our request for comment.
Whether it’s the solution or not, you might want to double-check that your phone is set up for USB Restricted Mode. You’ll need to be updated to iOS 12 and go to Settings > FaceID and Passcode. Scroll down to the bottom of the page and you want your settings to look like this:
There’s no word on whether GrayShift’s competitors have hit a wall in their efforts to subvert Apple’s security. This is a big money business and we can expect that whoever loses their cash cow will be working overtime to figure out another workaround.