Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
56,502
19,258



Apple has effectively disabled the GrayKey iPhone unlocking device used by law enforcement agencies to crack the passcodes on iPhones, reports Forbes.

Multiple anonymous sources have told Forbes that the GrayKey box is unable to obtain the passcodes of any iPhone or iPad running iOS 12 or later.

graykey1.jpg


On these devices, law enforcement agencies are limited to a partial extraction that provides unencrypted files and metadata like file size and folder structure.

It is not clear what method Apple used to block GrayKey access to iPhones running iOS 12 and later. Vladimir Katalov, CEO of ElcomSoft, said Apple's method is unknown.
"No idea. It could be everything from better kernel protection to stronger configuration-profile installation restrictions," he suggested. The kernel is the core part of the operating system, from which the rest of iOS launches. Configuration profiles typically allow individuals and companies to customize the ways in which iOS apps work.
Details about the GrayKey box, made by a company called Grayshift, first leaked in March of this year. Provided to law enforcement agencies, the GrayKey box connects to an iPhone and then installs proprietary software that's designed to crack the passcode of the device.

It can take as little as 6.5 minutes for the box to crack a 4-digit passcode, while a 6-digit passcode can be calculated in approximately 11 hours.

Apple in an iOS 11 update introduced a new USB Restricted Mode feature that prevents USB accessories like the GrayKey box from connecting to an iPhone or iPad if it's been more than an hour since the device was last unlocked.

It was believed that this would prevent the GrayKey device from working, but after details on USB Restricted Mode were released, forensic experts said that it had already been defeated.

It's not known if USB Restricted Mode had an impact or if Apple implemented another method for blocking the GrayKey box, but companies like Grayshift are likely to find a workaround or a new method for cracking the iPhone.

As Rochester Police Department Captain John Sherwin told Forbes, there's always a new method in the works. "Give it time and I am sure a 'workaround' will be developed ... and then the cycle will repeat," he said. Someone is always building a better mousetrap, whether it's Apple or someone trying to defeat device security."

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: 'GrayKey' iPhone Unlocking Box No Longer Works After iOS 12 Update
 

topgunn

macrumors 68000
Nov 5, 2004
1,546
1,991
Houston
As Rochester Police Department Captain John Sherwin told Forbes, there's always a new method in the works. "Give it time and I am sure a 'workaround' will be developed ... and then the cycle will repeat," he said. Someone is always building a better mousetrap, whether it's Apple or someone trying to defeat device security."
And when that better mousetrap costs $15,000 for 300 unlocks or $30,000 for unlimited unlocks and will be useless with the next iOS update, who cares? It's only taxpayer money.
 
Last edited:

max.ine

macrumors 6502
Aug 16, 2016
263
461
I love Apple for stuff like this. When they actually put their money where their mouth is and go above and beyond to protect user privacy. I feel that I don’t trust and can’t trust any company out there, but Apple is probably the one I’d trust most.
 

gaanee

macrumors 65816
Dec 8, 2011
1,414
224
Is it not much easier to simply point the iPhone and unlock it and get access using FaceID? According to reports your consent is not required unlike for TouchID fingerprint. That sounds like sort of a loophole for security. TouchID apart from convenience provides better protection because fingerprint patterns are harder to replicate if not impossible.
 

prasand

macrumors 6502a
Mar 24, 2015
524
349
UES, New York
A few months ago people were looking at that price, saying that the device would be able to be upgraded. I disagreed, saying that it was an expensive device with a short life.

I hope they got their money's worth / were able to solve situations or cases that justified the expense. Makes me wonder if some would continue to invest in the next method going forward.
 

WRChris

macrumors 6502a
Aug 17, 2016
680
945
Indiana
What would the crime be if I started hacking iphone passwords on people’s devices without user consent? This isn’t political lol. It doesn’t matter if it’s red hackers or blue hackers.
 
  • Like
Reactions: 0947347

Drumjim85

macrumors 68030
Oct 7, 2007
2,601
224
DFW, TX
Is it not much easier to simply point the iPhone and unlock it and get access using FaceID? According to reports your consent is not required unlike for TouchID fingerprint. That sounds like sort of a loophole for security. TouchID apart from convenience provides better protection because fingerprint patterns are harder to replicate if not impossible.

There are a number of cases where an iOS device will require to you enter a pass code to gain entry.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.