Grayshift’s ‘GrayKey’ iPhone Unlocking Box Reportedly no Longer Works After iOS 12 Update

BY Evan Selleck

Published 24 Oct 2018

Remember Grayshift? The firm first popped up onto the radar back in March of this year, thanks to its “GrayKey” iPhone unlocking box.

The firm’s notoriety grew quickly, as the GrayKey unlocking box made it possible for law enforcement agencies all across the United States (including federal agencies), to bypass iPhone security and access the information therein. Early reports suggested the device could bypass 6-digit passcodes on devices in just 11 hours, for instance.

Now, months later and things have gone relatively quiet on the GrayKey front. However, the unlocking box is back in the news cycle, but not for the obvious reasons. According to Forbes, after speaking with unnamed sources, the iPhone unlocking box is no longer a box that can unlock iPhones. According to the information gathered by the publication, GrayKey is no longer able to ascertain the passcode for any iPhone or iPad that’s running iOS 12.

The GrayKey box used “brute forcing” techniques to bypass passcodes on iOS devices, which could open up the device in its entirety. Now, following the iOS 12 update, the unlocking box is only capable of a “partial extraction”. That means GrayKey, if this report is accurate, is only able to “draw out unencrypted files and some metadata, such as file sizes and folder structures”.

But things are always changing, and while the current situation sees iOS 12 blocking access to sensitive data trying to be gathered by GrayKey, at least one law enforcement person believes that will change in the near future. And then the cycle will constantly repeat itself:

“Police officer Captain John Sherwin of the Rochester Police Department in Minnesota said of the claim iOS 12 was preventing GrayKey from unlocking iPhones: “That’s a fairly accurate assessment as to what we have experienced.

“Give it time and I am sure a ‘workaround’ will be developed … and then the cycle will repeat. Someone is always building a better mousetrap, whether it’s Apple or someone trying to defeat device security.”

As for the how? That remains unknown. The original report includes a quote from chief of forensic tech provider Elcomsoft, Vladimir Katalov, who states that it’s not known right now how Apple achieved what they have in regards to blocking out GrayKey:

“No idea. It could be everything from better kernel protection to stronger configuration-profile installation restrictions,” he suggested. The kernel is the core part of the operating system, from which the rest of iOS launches. Configuration profiles typically allow individuals and companies to customize the ways in which iOS apps work.”

This revelation comes just a short time after Apple’s CEO, Tim Cook, sat down for an interview to promote user security and a right to keep their data private.

[via Forbes]