Apple's iOS 12 update breaks iPhone-cracking GrayKey forensic tool
Shifting the balance of the encryption battle back in Apple's favor, iOS 12 has reportedly disrupted one of the most popular digital forensics tools, Grayshift's GrayKey.
Grayshift's GrayKey device | Source: MalwareBytes
GrayKey is unable to crack the passcodes of iPhones running the new software, sources in the forensic industry told Forbes. The only possibility is a "partial extraction," meaning the downloading of unencrypted files and metadata such as filesizes and folder structures.
It's even unclear what Apple did to improve security. "It could be everything from better kernel protection to stronger configuration-profile installation restrictions," said Elcomsoft's Vladimir Katalov.
The GrayKey hardware uses a form of "brute forcing" to run through iPhone passwords, and with previous iOS releases was somehow able to defeat Apple's safeguards against the tactic. It's now in use with law enforcement in multiple countries, including the U.S. and the U.K.
Apple and Grayshift have been engaged in a never-ending race to defeat each other's technology. In June for example Grayshift was quick to announce that it had already bypassed iOS 12's USB Restricted Mode, which, once a certain amount of time has elapsed, prevents devices from connecting to an iPhone or iPad without a user login.
Around the world, police and spy agencies have worried about communications "going dark," arguing that full-disk and end-to-end encryption methods are allowing terrorists and other criminals to operate outside their reach. Apple, other tech companies, and various activist groups have countered that people have a right to privacy, and that creating government backdoors would weaken security and leave people vulnerable to hacks.
At an event in Brussels on Wednesday, Apple CEO Tim Cook called security "foundational to trust and all other privacy rights," and pushed for a U.S. privacy law that would better anonymize data collection and give people more control over their information.
Grayshift's GrayKey device | Source: MalwareBytes
GrayKey is unable to crack the passcodes of iPhones running the new software, sources in the forensic industry told Forbes. The only possibility is a "partial extraction," meaning the downloading of unencrypted files and metadata such as filesizes and folder structures.
It's even unclear what Apple did to improve security. "It could be everything from better kernel protection to stronger configuration-profile installation restrictions," said Elcomsoft's Vladimir Katalov.
The GrayKey hardware uses a form of "brute forcing" to run through iPhone passwords, and with previous iOS releases was somehow able to defeat Apple's safeguards against the tactic. It's now in use with law enforcement in multiple countries, including the U.S. and the U.K.
Apple and Grayshift have been engaged in a never-ending race to defeat each other's technology. In June for example Grayshift was quick to announce that it had already bypassed iOS 12's USB Restricted Mode, which, once a certain amount of time has elapsed, prevents devices from connecting to an iPhone or iPad without a user login.
Around the world, police and spy agencies have worried about communications "going dark," arguing that full-disk and end-to-end encryption methods are allowing terrorists and other criminals to operate outside their reach. Apple, other tech companies, and various activist groups have countered that people have a right to privacy, and that creating government backdoors would weaken security and leave people vulnerable to hacks.
At an event in Brussels on Wednesday, Apple CEO Tim Cook called security "foundational to trust and all other privacy rights," and pushed for a U.S. privacy law that would better anonymize data collection and give people more control over their information.
Comments
So how long before they claim to have a new one, which will also cost tens of thousands?
I'm not saying Grayshift are frauds, they actually do seem to have built something that will get past iOS security, but I'm curious as to how long it will take them to update their hardware to get round iOS 12, and how they'll market it to law enforcement.
"If they want in badly enough, the WILL get in. The trick is to make it hard enough that they go elsewhere instead."
As we know when plugging into power it makes a comforting buzz to let you know charging is underway.
In our car, there's a USB under the radio (that I don't like to use since it auto-connects/auto-plays Pandora when I'm listening to sports-radio).
There's another USB in the console between the seats. So when plugging into THAT (with iOS12), the buzz is different. It's like a shake. The phone is shaking for your attention, and there's a message that says something like "enter passcode to use accessories".
Then I recalled reading about increased security and USB-mode etc etc (that i read about here on AI).
A TouchID later, and it buzzes that it's charging, as it's accepted the Accessory.
I joked to my wife that with iOS12 our entire Subaru was demoted to an "Accessory" by the phone.
I'm good with it.
E.
It’s very possible, even probable that the police departments that have been using these devices have legitimate, legal needs to access the phones along with proper warrants. I don’t see why people are celebrating the possibility that police may not be able to find a kidnapped child or convict a drug dealer.
My my main issue with Greykey was the way they made it available to anyone with no controls and no way to distinguish the user,so no only did legitimate law enforcement agents have it, but potentially anyone else who could pony up the dough.