Grayshift May Already Have iPhone Unlocking Solution for iOS 12's USB Restricted Mode

MacRumors

macrumors bot
Original poster
Apr 12, 2001
7,419
8,491



iOS 12 introduces USB restrictions that effectively put an end to law enforcement access to iPhones and iPads using devices like the GrayKey box, but Grayshift, the company that makes the box, may have already developed a workaround.

VICE's Motherboard shared an email from a forensic expert who planned to meet with Grayshift, which said the company had "gone to great lengths" to futureproof its technology and that USB Restricted Mode had been "already defeated."

Grayshift's GrayKey iPhone unlocking box, via MalwareBytes​
"Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on," a June email from a forensic expert who planned to meet with Grayshift, and seen by Motherboard, reads, although it is unclear from the email itself how much of this may be marketing bluff. "They seem very confident in their staying power for the future right now," the email adds.
A second source that spoke to Motherboard said Grayshift addressed the topic of USB Restricted Mode in a webinar several weeks ago.

Coming in iOS 12, USB Restricted Mode prevents USB accessories from connecting to an iPhone or iPad if it's been more than an hour since the device was last unlocked.

The setting is enabled by default and it will not allow USB-based accessories like the GrayKey box to connect to an iOS device until a passcode is entered, effectively disabling the current techniques law enforcement officials across the United States are using to access locked iPhones.


Motherboard's sources did not share details on how Grayshift plans to avoid the new USB restrictions, so it's not clear if the GrayKey box will continue to function or if Grayshift has another iPhone access solution in the works.

Despite Grayshift's potential workaround, law enforcement officials are concerned about the changes Apple is implementing, and are said to be frustrated with the attention the GrayKey box has received in the media. "Some vendors are frustrated with GrayKey," one researcher told Motherboard. "They feel the media hype brought too much attention to the attack vector."

Apple yesterday confirmed its plans to implement new USB access restrictions in iOS 12 and clarified that it is aiming to defend customers against hackers, not frustrate law enforcement officials.

"At Apple, we put the customer at the center of everything we design. We're constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data. We have the greatest respect for law enforcement, and we don't design our security improvements to frustrate their efforts to do their jobs," Apple said in a statement to MacRumors.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Grayshift May Already Have iPhone Unlocking Solution for iOS 12's USB Restricted Mode
 

tjleonard

macrumors 6502a
Jun 25, 2013
579
378
The issue is that it costs Apple a lot less money to throw some software updates in a patch than it does for Grayshift to update theirs. Sure, an update is an update, but it has to update easily or it will be something police will not waste money on.
 

dave420

macrumors 65816
Jun 15, 2010
1,404
96
I am a little out of the loop. I know a similar feature was in the last iOS 11 beta. I think it turned off the port after seven days instead of one hour. Was this feature still present in the current public release? Or was it removed?
 

trusso

macrumors 6502
Oct 4, 2003
367
901
VICE's Motherboard shared an email from a forensic expert who planned to meet with Grayshift, which said the company had "gone to great lengths" to futureproof its technology and that USB Restricted Mode had been "already defeated."
Sounds a bit like damage control, if you ask me. Hoping to make a few extra bucks before the well runs dry. Normally, I'm all for the little guys taking on the big-bad corporate baddies... but script-kiddies and crackers I can do without. (That means you, too, NSA!)

Remember CurrentC from a few years ago? No? That's because Apple Pay rendered it laughably dead-on-arrival. Grayshift is going to be DOA as well, easily outmaneuvered if Apple has their way.
 

69Mustang

macrumors 604
Jan 7, 2014
6,932
12,443
In between a rock and a hard place
If they were smart, they would've waited until iOS 12 was in the GM stage to announce this. Now Apple can look into fixing their bypass. :D
"Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on"
If they're announcing it, there's a good chance they already have another avenue ready to exploit. This is a constant game of one-upsmanship.

The issue is that it costs Apple a lot less money to throw some software updates in a patch than it does for Grayshift to update theirs. Sure, an update is an update, but it has to update easily or it will be something police will not waste money on.
This makes no sense. Cost is dependent on time and resource allocation. Also why would an easy update deter law enforcement? It's a tool for work, not a consumer device.:p Easy updating isn't a deterrent.
 

0007776

Suspended
Jul 11, 2006
6,474
8,051
Somewhere
This is a constant game of one-upsmanship.
It will be a constant back and forth between hackers and Apple. The good thing is it seems that Apple is on top of it enough to make sure that things get taken care of before bad actors get their hands on it.

I'm sure Apple is working as hard as they can to get their hands on one of these devices to figure out how it works, and probably have been successful. I'm sure they could have easily set up a shell company that claims to be a private investigator firm needing to get into a client's phone.
 

macfacts

macrumors 68040
Oct 7, 2012
3,479
4,098
Cybertron
Everything has a price and Apple is definitely not short on cash I think they will get their hands on one. Of these boxes if the haven't already
Everything has a price? That same saying can be used against Apple. Someone can pay an apple employee to steal Apple's digital signing keys. Ultimate back door right there.
 

macduke

macrumors G4
Jun 27, 2007
10,566
14,057
Central U.S.
"Some vendors are frustrated with GrayKey," one researcher told Motherboard. "They feel the media hype brought too much attention to the attack vector."
Too bad. The media was doing their jobs by reporting on the fact that the government is paying huge chunks of money to some company to hack our phones. This is how you have accountability in a free and open society. They need to get over it. At the end of the day this is yet another security vulnerability that must be patched. If some kid was doing this the FBI would raid his home and he'd serve jail time.
 

69Mustang

macrumors 604
Jan 7, 2014
6,932
12,443
In between a rock and a hard place
It will be a constant back and forth between hackers and Apple. The good thing is it seems that Apple is on top of it enough to make sure that things get taken care of before bad actors get their hands on it.

I'm sure Apple is working as hard as they can to get their hands on one of these devices to figure out how it works, and probably have been successful. I'm sure they could have easily set up a shell company that claims to be a private investigator firm needing to get into a client's phone.
I have no doubt Apple has the means to get one of the devices. Probably already has one.

As for Apple already figuring out how it works... I'm guessing you'd have to go on the presumption Grayshift's code isn't encrypted. Or it is and Apple cracked their encryption. Who knows. Grayshift says they already have other avenues ready. It's going to be a back and forth for a while it seems.