If you’re not familiar with the password-cracking device, GrayKey launched earlier this year, and was aimed at providing law enforcement agencies an easy way to break into a suspect’s iPhone and gather information that might possibly be related to a crime. However, Apple has been assertively going to bat for its customers’ data security — as evidenced by its struggle against the FBI — and has been involved in a long cat-and-mouse game with the security device.
After various failed attempts to curb the effectiveness of the GrayKey cracker — including the USB Restricted Mode that could be thwarted by a $39 accessory — it seems that Apple has finally cracked the cracker, with the result that GrayKey is now unable to fully break open an iPhone running iOS 12. While GrayKey can still perform a “partial extraction,” pulling unencrypted files and metadata like file sizes and folder structures, it can no longer use its previous methods that involved brute force to open passcodes and bypass Apple’s protections against repeated guesses.
Worst of all for security services, no-one’s quite sure how Apple has managed it. While older methods like USB Restricted were fully understood shortly after being made public, Apple’s new method of locking out GrayKey hasn’t been figured out at all yet. “No idea,” said Vladimir Katalov, chief of forensic tech provider Elcomsoft. “It could be everything from better kernel protection to stronger configuration-profile installation restrictions.”
So while this is great news for iPhone users worried about their device’s security, it’s not such good news for law enforcement, who may have been relying on the GrayKey to gather essential information. With a single GrayKey unit starting at $15,000 and prices rising to $30,000 for a device that can be used on multiple internet networks, it’s also a bad day for the coffers of such forces that have invested in the GrayKey.
It’s still likely the device isn’t fully dead yet. Someone may well figure out a way of circumventing iOS 12’s advanced security, restarting the game of data keep-away all over again. If you’re still worried about your iOS device’s security, we’ve put together an iOS security guide so you can ensure it’s locked down.