Apple's iOS 12 update breaks iPhone-cracking GrayKey forensic tool

Shifting the balance of the encryption battle back in Apple's favor, iOS 12 has reportedly disrupted one of the most popular digital forensics tools, Grayshift's GrayKey.

Grayshift's GrayKey device | Source: MalwareBytes


GrayKey is unable to crack the passcodes of iPhones running the new software, sources in the forensic industry told Forbes. The only possibility is a "partial extraction," meaning the downloading of unencrypted files and metadata such as file sizes and folder structures.

It's unclear even what Apple did to improve security. "It could be everything from better kernel protection to stronger configuration-profile installation restrictions," said Elcomsoft's Vladimir Katalov.

The GrayKey hardware uses a form of "brute forcing" to run through iPhone passwords, and with previous iOS releases was somehow able to defeat Apple's safeguards against the tactic. It's now in use with law enforcement in multiple countries, including the U.S. and the U.K.

Apple and Grayshift have been engaged in a never-ending race to defeat each other's technology. In June, for example, Grayshift was quick to announce that it had already bypassed iOS 12's USB Restricted Mode, which, once a certain amount of time has elapsed, prevents devices from connecting to an iPhone or iPad without a user login.

Around the world, police and spy agencies have worried about communications "going dark," arguing that full-disk and end-to-end encryption methods are allowing terrorists and other criminals to operate outside their reach. Apple, other tech companies, and various activist groups have countered that people have a right to privacy, and that creating government backdoors would weaken security and leave people vulnerable to hacks.

At an event in Brussels on Wednesday, Apple CEO Tim Cook called security "foundational to trust and all other privacy rights," and pushed for a U.S. privacy law that would better anonymize data collection and give people more control over their information.

Comments

  • Reply 1 of 16
    anome Posts: 1,197 member

    So how long before they claim to have a new one, which will also cost tens of thousands?

    I'm not saying Grayshift are frauds, they actually do seem to have built something that will get past iOS security, but I'm curious as to how long it will take them to update their hardware to get round iOS 12, and how they'll market it to law enforcement.

  • Reply 2 of 16
    lkrupp Posts: 6,530 member
    anome said:

    So how long before they claim to have a new one, which will also cost tens of thousands?

    I'm not saying Grayshift are frauds, they actually do seem to have built something that will get past iOS security, but I'm curious as to how long it will take them to update their hardware to get round iOS 12, and how they'll market it to law enforcement.

    No different than the jailbreak developers. They can claim all they want. The proof is in the doing. Why is it always implied that Apple’s engineers are incompetent dummies and lone wolf security ‘researchers’ are some kind of alien geniuses? 
    edited October 2018
  • Reply 3 of 16
    But can we please go back to being able to charge without entering a passcode?
  • Reply 4 of 16
    anome Posts: 1,197 member
    lkrupp said:
    anome said:

    So how long before they claim to have a new one, which will also cost tens of thousands?

    I'm not saying Grayshift are frauds, they actually do seem to have built something that will get past iOS security, but I'm curious as to how long it will take them to update their hardware to get round iOS 12, and how they'll market it to law enforcement.

    No different than the jailbreak developers. They can claim all they want. The proof is in the doing. Why is it always implied that Apple’s engineers are incompetent dummies and lone wolf security ‘researchers’ are some kind of alien geniuses? 
    Because it feeds into the general anti-Apple sentiment. The same thing is true of people who say the same thing about Windows exploits, they're feeding a general anti-Microsoft sentiment. The chief difference is that Windows has so many issues that come out, an issue with Apple seems rarer. (I have no idea what the actual numbers are, but we've had 30 years of Windows security flaws and bugs to get us used to it.)
  • Reply 5 of 16
    lkrupp Posts: 6,530 member
    tokyojimu said:
    But can we please go back to being able to charge without entering a passcode?
    Nonsense.
  • Reply 6 of 16
    tokyojimu said:
    But can we please go back to being able to charge without entering a passcode?
    Why are you spreading fake news?
  • Reply 7 of 16
    tokyojimu said:
    But can we please go back to being able to charge without entering a passcode?
    I don't have that problem.  But back to the thread topic.
  • Reply 8 of 16
    chasm Posts: 1,050 member
    I'm delighted that these foolish agencies are out tens of thousands of dollars that could have been used to hire people willing to do actual detective/police work. Maybe another few rounds of this, they'll figure out it's a waste of money and get back to doing their actual jobs instead of lazily hoping technology will do it all for them.
  • Reply 9 of 16
    anome said:

    So how long before they claim to have a new one, which will also cost tens of thousands?

    I'm not saying Grayshift are frauds, they actually do seem to have built something that will get past iOS security, but I'm curious as to how long it will take them to update their hardware to get round iOS 12, and how they'll market it to law enforcement.

    Back in 1985/86 I was implementing a new system at a steel company which was being held up by a group concerned about the security of the system.  It resulted in a meeting of about 50 some high ranking executives to hash it out.  Which, of course, didn't produce any solutions, just a lot of hot air.

    But, the only valuable part of the meeting came during a break when a corporate auditor pulled me aside and whispered THE secret:

    "If they want in badly enough, they WILL get in.  The trick is to make it hard enough that they go elsewhere instead." 
  • Reply 10 of 16
    chasm said:
    I'm delighted that these foolish agencies are out tens of thousands of dollars that could have been used to hire people willing to do actual detective/police work. Maybe another few rounds of this, they'll figure out it's a waste of money and get back to doing their actual jobs instead of lazily hoping technology will do it all for them.
    Don't be silly.  It's not their money they're wasting.  They'll just confiscate more money from innocent people using asset forfeiture laws. 
  • Reply 11 of 16
    I can't even imagine the outcry if a US agency had the nerve to ask the USPS to open and make the contents of every piece of mail easily available "in case someone is doing something bad".  
  • Reply 12 of 16
    I think I know what people are saying about the passcode to charge.

    As we know when plugging into power it makes a comforting buzz to let you know charging is underway.

    In our car, there's a USB under the radio (that I don't like to use since it auto-connects/auto-plays Pandora when I'm listening to sports-radio).

    There's another USB in the console between the seats.  So when plugging into THAT (with iOS12), the buzz is different.  It's like a shake.  The phone is shaking for your attention, and there's a message that says something like "enter passcode to use accessories".

    Then I recalled reading about increased security and USB-mode etc etc (that I read about here on AI).

    A TouchID later, and it buzzes that it's charging, as it's accepted the Accessory.

    I joked to my wife that with iOS12 our entire Subaru was demoted to an "Accessory" by the phone.

    I'm good with it.

    E.
    edited October 2018
  • Reply 13 of 16
    lepton Posts: 110 member
    The thing that bugs me is the breaking of the ten try limit. Why doesn't that kick in with this kind of break in? And the time delay for subsequent tries? 
  • Reply 14 of 16
    MacPro Posts: 17,835 member
    tokyojimu said:
    But can we please go back to being able to charge without entering a passcode?
    You're 'plugging it in wrong'
  • Reply 15 of 16
    MplsP Posts: 894 member
    airnerd said:
    I can't even imagine the outcry if a US agency had the nerve to ask the USPS to open and make the contents of every piece of mail easily available "in case someone is doing something bad".  
    I don’t know that there’s any evidence that agencies are randomly taking people’s iPhones and searching them. 

    It’s very possible, even probable that the police departments that have been using these devices have legitimate, legal needs to access the phones along with proper warrants. I don’t see why people are celebrating the possibility that police may not be able to find a kidnapped child or convict a drug dealer. 

    My main issue with GrayKey was the way they made it available to anyone with no controls and no way to distinguish the user, so not only did legitimate law enforcement agents have it, but potentially anyone else who could pony up the dough. 
  • Reply 16 of 16
    edwardjen Posts: 1 unconfirmed, member
    airnerd said:
    I can't even imagine if the outcry if a US agency had the nerve to ask the liteblue USPS to open and make the contents of every piece of mail easily available "in case someone is doing something bad".  
    This is true