'GrayKey' iPhone Unlocking Box No Longer Works After iOS 12 Update

[MacRumors]

Apple has effectively disabled the GrayKey iPhone unlocking device used by law enforcement agencies to crack the passcodes on iPhones, reports Forbes.

Multiple anonymous sources have told Forbes that the GrayKey box is unable to obtain the passcodes of any iPhone or iPad running iOS 12 or later.

GrayKey iPhone cracking box, via MalwareBytes.​

On these devices, law enforcement agencies are limited to a partial extraction that provides unencrypted files and metadata like file size and folder structure.

It is not clear what method Apple used to block GrayKey access to iPhones running iOS 12 and later. Vladimir Katalov, CEO of ElcomSoft, said Apple's method is unknown.

"No idea. It could be everything from better kernel protection to stronger configuration-profile installation restrictions," he suggested. The kernel is the core part of the operating system, from which the rest of iOS launches. Configuration profiles typically allow individuals and companies to customize the ways in which iOS apps work.

Details about the GrayKey box, made by a company called Grayshift, first leaked in March of this year. Provided to law enforcement agencies, the GrayKey box connects to an iPhone and then installs proprietary software that's designed to crack the passcode of the device.

It can take as little as 6.5 minutes for the box to crack a 4-digit passcode, while a 6-digit passcode can be calculated in approximately 11 hours.

Apple in an iOS 11 update introduced a new USB Restricted Mode feature that prevents USB accessories like the GrayKey box from connecting to an iPhone or iPad if it's been more than an hour since the device was last unlocked.

It was believed that this would prevent the GrayKey device from working, but after details on USB Restricted Mode were released, forensic experts said that it had already been defeated.

It's not known if USB Restricted Mode had an impact or if Apple implemented another method for blocking the GrayKey box, but companies like Grayshift are likely to find a workaround or a new method for cracking the iPhone.

As Rochester Police Department Captain John Sherwin told Forbes, there's always a new method in the works. "Give it time and I am sure a 'workaround' will be developed ... and then the cycle will repeat," he said. Someone is always building a better mousetrap, whether it's Apple or someone trying to defeat device security."

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: 'GrayKey' iPhone Unlocking Box No Longer Works After iOS 12 Update

 

[predation]

What a waste of tax payers $

 

[dannyyankou]

Number one reason I stick with Apple: Security

 

[tobefirst ⚽️]

Those who bought this outright instead of the month-to-month plan...oops.

 

[WolfSnap]

❤️Apple

 

[Greenmeenie]

Ha ha!

 

[topgunn]

As Rochester Police Department Captain John Sherwin told Forbes, there's always a new method in the works. "Give it time and I am sure a 'workaround' will be developed ... and then the cycle will repeat," he said. Someone is always building a better mousetrap, whether it's Apple or someone trying to defeat device security."

And when that better mousetrap costs $15,000 for 300 unlocks or $30,000 for unlimited unlocks and will be useless with the next iOS update, who cares? It's only taxpayer money.

 

[err404]

What a waste of tax payers $

I disagree, only because it encourages truly more secure devices.

 

[jimmirehman]

ha! suck it pigs

 

[Banglazed]

Apple security is top Notch

 

[TheRealTVGuy]

VICTORY!!! Score one for the good guys!

 

[Stella]

Cat and mouse game continues.

This benefits Apple: vulnerabilities will be found and exploited, and Apple will patch them.

 

[max.ine]

I love Apple for stuff like this. When they actually put their money where their mouth is and go above and beyond to protect user privacy. I feel that I don’t trust and can’t trust any company out there, but Apple is probably the one I’d trust most.

 

[DrJohnnyN]

Good news. Privacy is important.

 

[gaanee]

Is it not much easier to simply point the iPhone and unlock it and get access using FaceID? According to reports your consent is not required unlike for TouchID fingerprint. That sounds like sort of a loophole for security. TouchID apart from convenience provides better protection because fingerprint patterns are harder to replicate if not impossible.

 

[prasand]

A few months ago people were looking at that price, saying that the device would be able to be upgraded. I disagreed, saying that it was an expensive device with a short life.

I hope they got their money's worth / were able to solve situations or cases that justified the expense. Makes me wonder if some would continue to invest in the next method going forward.

 

[TheWatchfulOne]

It is not clear what method Apple used to block GrayKey access to iPhones running iOS 12 and later.

Couldn't it just be that Apple made changes to the OS that GrayKey doesn't know about? Apple did lots of optimizing to make iOS 12 run faster and more efficiently. That would involve lots of changes.

 

[now i see it]

Maybe I should upgrade to iOS 12... or just don't do anything illegal

 

[Agit21]

Good luck unlocking my iPhone 7, I dont use a 4 or a 6 digit code.

 

[Apple_Robert]

As long as Apple focuses on privacy and doesn’t become Google, I will stick with them.

 

[WRChris]

What would the crime be if I started hacking iphone passwords on people’s devices without user consent? This isn’t political lol. It doesn’t matter if it’s red hackers or blue hackers.

 

[noslenam]

That sucks!!!

 

[lec0rsaire]

Take that MFers! iOS 12 is impenetrable!

 

[Drumjim85]

Is it not much easier to simply point the iPhone and unlock it and get access using FaceID? According to reports your consent is not required unlike for TouchID fingerprint. That sounds like sort of a loophole for security. TouchID apart from convenience provides better protection because fingerprint patterns are harder to replicate if not impossible.

There are a number of cases where an iOS device will require to you enter a pass code to gain entry.

 

[justperry]

Well done Apple.