Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
'GrayKey' iPhone Unlocking Box No Longer Works After iOS 12 Update
- Thread starter MacRumors
- Start date
- Sort by reaction score
Bad guys in my experience- emergency medicine- generally aren’t using an iPhone for nafarious business. Yeah I see a fair number but more often than not they also have what ever the cheapest phone one can get from the local Walmart or Metro store
Looks like Tax dollars ultimately fund iPhone security testing
[doublepost=1540474443][/doublepost]
Is that a rhetorical question? I posted information. What you choose to do with it is up to you.
Which, we the tax payers are, we need to stop wasting money on devices we know can break at any second.
[doublepost=1540474910][/doublepost]
Sorry, but if you give up freedom for temporary safety, you deserver neither. Privacy is a form of freedom that must be defended, let the police find other ways to do their jobs.
Reminds me of a local incident that got dropped because the police were unable to unlock the persons iphone and Apple refused to help. Basically, a local woman was sexually assaulted after a night out. The woman reported it to police. The man involved was arrested. He denied it and said everything was consensual, which the woman saying was not true, so basically it being a case of his word against her's. There was no CCTV but apparently, according to the woman's statement to police, he took some photo's of the assault on his iphone and is to have allegedly bragged about it to some friends on whatsapp.
The man's lawyer said his client will not unlock the iphone because he would be incriminating himself, so the police turned to Apple, who said they could not help. Without no other evidence, no witnesses and none of his friends admitting to receiving anything on their phones from the man, the prosecution lawyer dropped the case due to lack of evidence.
It makes me wonder how many times scenarios like this have played out across the world due to Apple refusing to unlock an iphone.
You just quoted the information already in the original article. What was your point? We all read the article.
There is not a single person in here who would defend the freedom of privacy if such privacy threatened the lives of their family.
It's far easy to sit in the comfort of your surroundings and say privacy must be defended but you would speak a very different tune if a police officer turned up on your doorstep to tell you someone you loved/cared for was killed because information contained in a locked iphone could have saved them but Apple refused to help.
Did you miss the part where Apple can not unlock the phone because Apple does not have the passcode or the decryption key? Apple designs the phone and iCloud in such a way that it is in no position to “help.” That’s why the fbi tried to sue them to force them to create a special version of iOS to crack phones.
That is total BS. Apple are making up BS story about not being able to unlock their phones in the hope people believe them.
I used to work for an electronics contract manufacturer Cellestica. They had (when i worked there) contracts with nearly all the mobile phone manufacturers to service their phones (apart from Apple) and i can tell you everyone of them had special tools,codes and OS commands that would unlock and decrypt messages, passcodes, the lot.
So unless you've actually worked in the industry, don't come with 'Apple cannot do it' BS
So you admit you have no idea of how Apple operates, but because others do it Apple must do it too? If it was ever discovered that Apple had the ability there'd be serious consequences, including jail time for the board members for, at a minimum, lying to the FBI (I presume; I’m not American). You seriously think they’d risk their company and freedom just to lie about security?
No other company, that I know of, claims what Apple claims about security and being unable to decrypt device contents—they don’t claim it because it’s not true; Apple does claim it because it is true. Why is that less likely than “they're lying because.... others!”
Technically there's no limit to the length of jail time for contempt in the US. It's viewed as you hold the keys to your cell and can get out at any time just by complying with the court order. At some point you could claim though (if you can do so credibly) that you've forgotten your passcode and at that point it's impossible to comply with the order. Most likely you'd be released.
In practical terms though if you're sitting in a cell for several years refusing to give up your passcode there may be an exploit discovered in whatever version of iOS you were on (your phone has been locked up in evidence this whole time and hasn't been updated). If they want what you're attempting to protect bad enough they may be able to get it anyway. Even the strongest encryption methods only buy time, the question is how much.
[doublepost=1540488574][/doublepost]
There has been at least one narrowly tailored ruling that if the ownership of the phone isn't in question then providing the passcode isn't violating your fifth amendment rights as the passcode itself would not incriminate you of anything.
[doublepost=1540489626][/doublepost]
ohwaityouwereseriousletmelaughsomemore.gif
sure, Apple just "BS"ed a federal court.
Just because i do not know how Apple procedures work, i do know how electronics work and for Apple to claim they are not able to unlock an iphone is pure BS. Anyone that believes otherwise has been suckered in by Apple.
EVERY mobile manufacturer has a way to bypass their own phones security but they do not want the public to know this. Apple software programmers had to have written the security algorithms and other security features that lock down the phone. If there is security hardware involved, the manufacturer of that security hardware have to provide Apple with the tools and knowhow of how to program the hardware to get it to work. This would involve special development software and special hardware development test rigs to allow the Apple programmers to design and write the security code/features for the phones.
Some of the chips used in the iphones will have their own 'Embedded Controllers' in them which have to be programmed to work. The manufacturer of the chips have to provide Apple with a 'datasheet' of the chips which disclose everything about the chips, what voltages they take, what data signals does it require, how to send data back and forth from the chips, how to program them, what hardware and software you need to program the chips with.
All this info the R&D department will have, test software, test tools, test jigs (to hold BGA chips so they can be programmed). There is no way on this planet that Apple does not know how to unlock an iphone, they do because their own R&D will have everything that's required, it's just that Apple do not want to and just give a BS reason in the hope that everyone will believe them.
If Tim Cook's iphone was to somehow get locked, i guarantee you Apple will unlock it because there is no way Apple engineers are going to tell their own CEO that he has lost everything and there is nothing they can do.
[doublepost=1540490258][/doublepost]
Technically there's no limit to the length of jail time for contempt in the US. It's viewed as you hold the keys to your cell and can get out at any time just by complying with the court order. At some point you could claim though (if you can do so credibly) that you've forgotten your passcode and at that point it's impossible to comply with the order. Most likely you'd be released.
In practical terms though if you're sitting in a cell for several years refusing to give up your passcode there may be an exploit discovered in whatever version of iOS you were on (your phone has been locked up in evidence this whole time and hasn't been updated). If they want what you're attempting to protect bad enough they may be able to get it anyway. Even the strongest encryption methods only buy time, the question is how much.
[doublepost=1540488574][/doublepost]
There has been at least one narrowly tailored ruling that if the ownership of the phone isn't in question then providing the passcode isn't violating your fifth amendment rights as the passcode itself would not incriminate you of anything.
[doublepost=1540489626][/doublepost]
ohwaityouwereseriousletmelaughsomemore.gif
sure, Apple just "BS"ed a federal court.
Yes, Apple did 'BS'ed a federal court in my opinion because everyone believed what Apple said.
Again, you admit you know nothing about how Apple operates but insist that they must do things like everyone else. So, to paraphrase what you said: I don’t care what anyone says, iOS is obviously just another version of Android—it has to be since I know how other phones work and they all use Android so Apple is lying about iOS being different; it’s pure BS
So, the FBI, various US courts, US government, engineers, hackers, companies who stake their very existence on being able to forensically crack and dump data on suspects' phones, foreign courts, foreign law enforcement, foreign governments—including those who don’t care about their citizens' privacy, like China—they’ve all been suckered by Apple, but you know better?
All the access to underlying technologies doesn’t really matter if the data is encrypted and the key is unknown.
I think you’re hitting the nail on the head. I think the other person is just forgetting a key part of the story. And they are doing it because they have some knowledge in the industry. If Apple decided it wanted to have the ability to unlock these devices - they 100% could. As they say, they know the devices literally inside and out. If Apple decided to develop a tool, it would be able in a very sort space of time. Like every manufacturer could, that part is correct. Key take away - Apple doesn’t want to do it. They haven’t made the tools to do it. The FBI wanted to force Apple to do it and Apple didn’t deny they would be able to. It would be crazy easy for them, no one is saying otherwise. But when people say “Apple won’t unlock a device” it’s not because they are sitting with all they keys and flipping the world off, they are saying “we physically haven’t got the developed ability to unlock it. We could if we developed a solution, but we haven’t.” Not seeing the difference here is what’s confusing people.
Actually, they can grab your finder and put it on the device. At least here in 'Merica.
I suggest a password.
"I can't remember my password, it's so complicated."
It's not worth trying to debate the issue with you, because you've made it excruciatingly clear that you won't listen, and you've stated flat out that "anyone that believes otherwise has been suckered in by Apple". But it's much more likely that you are wrong than that you are right.
No, Apple couldn't unlock it, and there's no need for them to do so - your "he has lost everything and there is nothing they can do" scenario doesn't apply (and shows you don't understand the situation as well as you keep insisting you do) - his iPhone is backed up to iCloud (likely once a day if not more), and all of his documents, data, messages, email, photos, etc., are in iCloud. If his phone were to get irretrievably locked somehow, he'd ask one of his assistants to go fetch a brand new one, and he'd sign into iCloud on it and select the right option in the setup procedures to restore from his iCloud backup (that'd get his new phone back to exactly how the old one had been half a day earlier, and with the documents he'd been working on being in iCloud or on some internal Apple network, he likely wouldn't have lost any data - maybe the sentence he'd been in the middle of typing when the zombie ninjas broke in and magically locked his phone with magic). Backups are the answer, not backdoors, and Apple has gone to huge lengths to make backups reliable and automatic.
You may have worked in the cellphone industry, but you clearly have little understanding of the ins and outs of how iOS devices work.
Last edited:
Wow, just wow. There isn't a kernel of logic to this so I can't enter into a rational debate with you. I'm sorry you feel this way.
The iPhone in the much-publicized situation with the FBI was, IIRC, an iPhone 5c, and even that far back, Apple didn't have the ability to retrieve the underlying data. It was protected by a PIN, and iOS is set up to require increasingly long pauses (ramping up from seconds to minutes to hours to days) between incorrect entry of the PIN, specifically to keep someone from brute-forcing it by simply trying every possible PIN. Even with a 4-digit PIN, this makes it take an unreasonably long time to get into the device. What the FBI wanted was a special version of iOS (which they would only use for good and would definitely not let anybody steal off their network - despite instances of both having happened before)... a special version of iOS that removed the long pauses, which would then allow them to break the encryption by brute force ("0000", "0001", "0002"...), assuming they could manage to upgrade the locked phone to the new version of iOS. Understandably, Apple didn't want to build such a privacy-defeating tool. Keep in mind - Apple's an international company; the FBI wanted such a tool for use in the USA... if they were to build such a thing, who would demand a copy next, in order to get to their citizen's private data/notes/messages? China? Saudi Arabia? Russia? (As I recall, at the time, there were local/state law enforcement agencies all over the USA getting in line to demand the same access if the FBI was successful - how well do you think every single one of them would do at keeping such technology out of the hands of bad guys?) Apple sees itself as keeping the world a bit safer, overall, by not developing such a tool in the first place, even if it means once in a while the FBI can't get to data they want. I believe they're right.
But to be clear, it isn't, and wouldn't be, a backdoor to get in by bypassing the locks on the front door (as someone here keeps insisting that Apple already has), it would be a mechanism for automating speedy and relentless attacks on the locks on the front door until they finally hit the right combination.
And since that showdown with the FBI, Apple has been working on closing every possible angle of attack they can find. Like shutting down the path that Grayshift was using.
Last edited:
This s absolutely not true.
If the dashcode is provided by the user an stored in a secure element on the device; then it is possible to have a device that Apple cannot open. Assuming the hashcode is stored in a location that is secure and only compared with an incoming hash a device can be made absolutely secure.
I worked on a FIPS compliant storage controller and there was no possible way to recover the data if you did not have the proper key. Even we, the manufacturer could not get your data if you didn't have the keys.
What you are presuming is a backdoor that Apple says does not exist.
Just because you have a data sheet for parts means nothing.
You clearly don't have an understanding of device security and the ability to have a hash that is stored encrypted.
Here is an example:
User inputs passcode
Passcode goes through hardware that outputs a hash/encrypted signature and is stored in a secure element.
That signature is used to authenticate login and encrypted unlock is sent into the device.
If the hash matches the device unlocks.
Data is encrypted with that hash and the decryption is only enabled if the hash is matched during authentication.
That's a simple scenario and I could design a piece of hardware based on that which cannot be hacked provided I have a secure memory map with write only.
Since currently there are no known collisions in some algorithms, you can absolutely prevent unlocking if you limit the time between attempts.
Even a simple rate limit of how fast the thing can try passcodes would thwart this device. They likely did more than that though.
Apple has effectively disabled the GrayKey iPhone unlocking device used by law enforcement agencies to crack the passcodes on iPhones, reports Forbes.
Multiple anonymous sources have told Forbes that the GrayKey box is unable to obtain the passcodes of any iPhone or iPad running iOS 12 or later.
On these devices, law enforcement agencies are limited to a partial extraction that provides unencrypted files and metadata like file size and folder structure.
It is not clear what method Apple used to block GrayKey access to iPhones running iOS 12 and later. Vladimir Katalov, CEO of ElcomSoft, said Apple's method is unknown.Details about the GrayKey box, made by a company called Grayshift, first leaked in March of this year. Provided to law enforcement agencies, the GrayKey box connects to an iPhone and then installs proprietary software that's designed to crack the passcode of the device.
It can take as little as 6.5 minutes for the box to crack a 4-digit passcode, while a 6-digit passcode can be calculated in approximately 11 hours.
Apple in an iOS 11 update introduced a new USB Restricted Mode feature that prevents USB accessories like the GrayKey box from connecting to an iPhone or iPad if it's been more than an hour since the device was last unlocked.
It was believed that this would prevent the GrayKey device from working, but after details on USB Restricted Mode were released, forensic experts said that it had already been defeated.
It's not known if USB Restricted Mode had an impact or if Apple implemented another method for blocking the GrayKey box, but companies like Grayshift are likely to find a workaround or a new method for cracking the iPhone.
As Rochester Police Department Captain John Sherwin told Forbes, there's always a new method in the works. "Give it time and I am sure a 'workaround' will be developed ... and then the cycle will repeat," he said. Someone is always building a better mousetrap, whether it's Apple or someone trying to defeat device security."
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Article Link: 'GrayKey' iPhone Unlocking Box No Longer Works After iOS 12 Update
Indeed. The UI software already rate limited passcode entry. Grayshift found a way to bypass this by going in at a lower level. Apple blocked that by, at least, locking out access to the Lightning port (no telling what else they added).