Leak: what law enforcement can unlock with the 'Graykey' iPhone hacking tool

Jump to First Reply
Posted:
in iPhone

Leaked documents reveal the secrets behind Graykey, the covert forensic tool used to unlock modern smartphones, exposing its struggles with Apple's latest iOS updates.

A hand holding a black smartphone with dual cameras outdoors on a sunny day, blurred greenery in the background.
iPhone 15



Graykey is a forensic tool designed to unlock mobile devices and extract data, primarily used by law enforcement agencies and digital forensics experts. Developed by the secretive company Grayshift -- now owned by Magnet Forensics -- Graykey has earned a reputation for its ability to bypass smartphone security measures.

The tool helps law enforcement and forensic professionals in accessing locked mobile devices during criminal investigations. It breaks device encryption and security features to retrieve personal data like messages, photos, app data, and metadata.

Graykey supports Apple and Android devices, though its effectiveness varies depending on the specific hardware and software involved. Graykey's capabilities and limitations, however, are rarely disclosed.

However, a leak of some Grayshift's internal documents was recently reported on by 404 Media. According to the data, Graykey can only perform "partial" data retrieval from iPhones running iOS 18 and iOS 18.0.1.

A compatibility table listing various iPad and iPhone models against software versions, with status indicators like Partial, Full, Consent, None in different colors.
An image of a document detailing Graykey's functionality with iPhones operating on iOS 18.0 and 18.0.1. Image credit: 404 Media



These versions were released in September and early October, respectively. A partial extraction likely includes unencrypted files and metadata, such as folder structures and file sizes, according to past reports.

Notably, Graykey struggles with beta versions of iOS 18.1. Under the latest update, the tool fails to extract any data, as per the documents.

Meanwhile, Graykey's performance with Android phones varies, largely due to the diversity of devices and manufacturers. On Google's Pixel lineup, Graykey can only partially access data from the latest Pixel 9 when in an "After First Unlock" (AFU) state -- where the phone has been unlocked at least once since being powered on.

Andrew Garrett, CEO of Garrett Discovery, confirmed that the leaked documents align with Graykey's known capabilities. Meanwhile, Magnet Forensics and Apple declined to comment on the leak.

Cat and mouse game



The leaked documents shed light on the ongoing battle between tech companies like Apple and forensic firms. Apple's frequent security updates and features, including USB Restricted Mode and iPhone rebooting after inactivity, have made unauthorized access increasingly difficult.

In response, companies like Grayshift and Cellebrite continue to develop new exploits to bypass these safeguards. While tools like Graykey may lag behind new OS releases, historical trends suggest they often catch up eventually.

Forensic experts expect the cycle of vulnerabilities and patches to persist as Apple and Google continue fortifying their systems against unauthorized access.



Read on AppleInsider

«1

Comments

  • Reply 1 of 29
    DAalsethdaalseth Posts: 3,127member
    I fully expect 47 to push through a law requiring Apple to build in a back door. With that, there will go our security. 
    Xedwatto_cobra
     2Likes 0Dislikes 0Informatives
  • Reply 2 of 29
    DAalseth said:
    I fully expect 47 to push through a law requiring Apple to build in a back door. With that, there will go our security. 
    How would you feel if the back door only was installed for non-American iPhones. Would you be comfortable with that? When you say "our security" are you talking about Americans, or citizens of the world, including Hamas?

    Trump doesn't have the constitutional authority to create any law. Maybe you know that, but the way you worded it sounded like he has some degree of law-making authority.
    watto_cobramarklark
     2Likes 0Dislikes 0Informatives
  • Reply 3 of 29
    kmareikmarei Posts: 211member
    DAalseth said:
    I fully expect 47 to push through a law requiring Apple to build in a back door. With that, there will go our security. 
    How would you feel if the back door only was installed for non-American iPhones. Would you be comfortable with that? When you say "our security" are you talking about Americans, or citizens of the world, including Hamas?

    Trump doesn't have the constitutional authority to create any law. Maybe you know that, but the way you worded it sounded like he has some degree of law-making authority.
    so your argument is we should monitor all phones?

    yes about your trump statement, but unlike other presidents, no one says no to him. no republican senator or member of the house dares say no to him. or he will get negative tweets that night around 2-3am from trump. and he'll get a moderately funny schoolkid nickname.
    he has close to absolute power
    presidency
    senate
    house
    and supreme court
    DAalsethjas99watto_cobramarklark
     3Likes 1Dislike 0Informatives
  • Reply 4 of 29
    DAalsethdaalseth Posts: 3,127member
    DAalseth said:
    I fully expect 47 to push through a law requiring Apple to build in a back door. With that, there will go our security. 
    How would you feel if the back door only was installed for non-American iPhones. Would you be comfortable with that? When you say "our security" are you talking about Americans, or citizens of the world, including Hamas?

    Trump doesn't have the constitutional authority to create any law. Maybe you know that, but the way you worded it sounded like he has some degree of law-making authority.
    First the President has had a huge amount of power to control the agenda and what goes to and through Congress. Especially if both the house and senate are controlled by the same party. If he wants a law to declare chicken masala illegal, he could get it and this SCOTUS will back him up on it. A back door on our devices for ‘national security’ would be something he could do without breaking a sweat. 

    Second, back doors are always bad. Trying to restrict them to just this or that group is a minefield that is doomed to failure. Security for the law abiding will be compromised, police and security will abuse the power, the keys to the ‘secret’ opening will get into the hands of criminals. That is an absolute gold plated certainty. Meanwhile groups like Hamas will just use alternative software options and systems to render their communications immune to spying and the back door. So no, any back door is a bad idea.

    Xedwatto_cobra
     2Likes 0Dislikes 0Informatives
  • Reply 5 of 29
    thrangthrang Posts: 1,051member
    DAalseth said:
    I fully expect 47 to push through a law requiring Apple to build in a back door. With that, there will go our security. 
    Despite the public statements around this during the assassination attempt, I sincerely doubt this... that backdoor would swing both ways, intelligence knows this...
    watto_cobra
     1Like 0Dislikes 0Informatives
  • Reply 6 of 29
    DAalseth said:
    DAalseth said:
    I fully expect 47 to push through a law requiring Apple to build in a back door. With that, there will go our security. 
    How would you feel if the back door only was installed for non-American iPhones. Would you be comfortable with that? When you say "our security" are you talking about Americans, or citizens of the world, including Hamas?

    Trump doesn't have the constitutional authority to create any law. Maybe you know that, but the way you worded it sounded like he has some degree of law-making authority.
    First the President has had a huge amount of power to control the agenda and what goes to and through Congress. Especially if both the house and senate are controlled by the same party. If he wants a law to declare chicken masala illegal, he could get it and this SCOTUS will back him up on it. A back door on our devices for ‘national security’ would be something he could do without breaking a sweat. 

    Second, back doors are always bad. Trying to restrict them to just this or that group is a minefield that is doomed to failure. Security for the law abiding will be compromised, police and security will abuse the power, the keys to the ‘secret’ opening will get into the hands of criminals. That is an absolute gold plated certainty. Meanwhile groups like Hamas will just use alternative software options and systems to render their communications immune to spying and the back door. So no, any back door is a bad idea.


    ——

    Outside of tax cuts, which Republicans love with a gusto, getting legislation through a Congress with narrow majorities of the President’s party is tougher than you appear to think. Absent the opposition party’s controlling one or both houses of Congress, the power struggle becomes Congress vs. Executive branch. Senators in particular like to believe they always have the upper hand.

    watto_cobramarklark
     2Likes 0Dislikes 0Informatives
  • Reply 7 of 29
    mfrydmfryd Posts: 233member
    DAalseth said:
    I fully expect 47 to push through a law requiring Apple to build in a back door. With that, there will go our security. 
    How would you feel if the back door only was installed for non-American iPhones. Would you be comfortable with that? When you say "our security" are you talking about Americans, or citizens of the world, including Hamas?

    Trump doesn't have the constitutional authority to create any law. Maybe you know that, but the way you worded it sounded like he has some degree of law-making authority.
    It would be a challenge to install a backdoor for only non-American phones.

    The iPhone gets a lot of security from the fact that the hardware/software architecture is designed to not allow backdoors.  If you change the underlying architecture to allow backdoors, then American phones will essentially have backdoors, we will just have to live with the promise that they won't be opened.

    We know from experience, that US law allows the government to obtain search warrants without the subject knowing he is being surveilled.  We also know that Apple is a US based company and subject to US law.  Should Apple be presented with such a warrant they would be obligated to open the backdoor.

    Thus, in practice, you can't have backdoors that apply only to non-US phones.

    Now whether or not you think that Apple's level of privacy is a good or bad thing, is a different topic.

    DAalsethwatto_cobra
     2Likes 0Dislikes 0Informatives
  • Reply 8 of 29

    How would you feel if the back door only was installed for non-American iPhones. Would you be comfortable with that? When you say "our security" are you talking about Americans, or citizens of the world, including Hamas?

    Trump doesn't have the constitutional authority to create any law. Maybe you know that, but the way you worded it sounded like he has some degree of law-making authority.
    Fear mongering about Hamas potentially having iPhones without a back door is ridiculous. There are news stories from 10 years ago about Hamas in particular avoiding cellphones to prevent Israeli assignation attempts. https://www.al-monitor.com/originals/2014/02/gaza-israel-islamic-jihad-hamas-mobile-war.html

    This is why the Israeli government is using exploding pagers to attack Hezbollah and civilians in Lebanon.

    While presidents currently do not have the constitutional authority to create laws, a large part of the platform that he campaigned on is consolidating powers into the executive branch. All he would need to enact those changes is a supportive house, senate, and judiciary… and a removal of the filibuster.
    watto_cobra
     1Like 0Dislikes 0Informatives
  • Reply 9 of 29
    Time to go back to dumbphones.
     0Likes 0Dislikes 0Informatives
  • Reply 10 of 29
    mfryd said:
    DAalseth said:
    I fully expect 47 to push through a law requiring Apple to build in a back door. With that, there will go our security. 
    How would you feel if the back door only was installed for non-American iPhones. Would you be comfortable with that? When you say "our security" are you talking about Americans, or citizens of the world, including Hamas?

    Trump doesn't have the constitutional authority to create any law. Maybe you know that, but the way you worded it sounded like he has some degree of law-making authority.
    It would be a challenge to install a backdoor for only non-American phones.

    The iPhone gets a lot of security from the fact that the hardware/software architecture is designed to not allow backdoors.  If you change the underlying architecture to allow backdoors, then American phones will essentially have backdoors, we will just have to live with the promise that they won't be opened.

    We know from experience, that US law allows the government to obtain search warrants without the subject knowing he is being surveilled.  We also know that Apple is a US based company and subject to US law.  Should Apple be presented with such a warrant they would be obligated to open the backdoor.

    Thus, in practice, you can't have backdoors that apply only to non-US phones.

    Now whether or not you think that Apple's level of privacy is a good or bad thing, is a different topic.

    Yes, Apple is US based company and the law allows the government to obtain search warrants. But you're forgetting an important detail. A search warrant says that the government can search a particular premise and seize specific evidence of criminal activity that it expects to find. But that search warrant is in no way guarantee that the government will find what it's looking for. 

    Let me give an example of the police searching soemone's home with a warrant. Armed with the warrant, the police can show up at someone's home and search it. The homeowner can't resist or obstruct the police in performance of their duties. If the door is locked, the police will ask the homeowner to open the door or the police will break down the door. But if the police can't break down the door, the homeowner can't be held criminally liable. 
    watto_cobra
     1Like 0Dislikes 0Informatives
  • Reply 11 of 29
    mfrydmfryd Posts: 233member
    vvswarup said:
    mfryd said:
    DAalseth said:
    I fully expect 47 to push through a law requiring Apple to build in a back door. With that, there will go our security. 
    How would you feel if the back door only was installed for non-American iPhones. Would you be comfortable with that? When you say "our security" are you talking about Americans, or citizens of the world, including Hamas?

    Trump doesn't have the constitutional authority to create any law. Maybe you know that, but the way you worded it sounded like he has some degree of law-making authority.
    It would be a challenge to install a backdoor for only non-American phones.

    The iPhone gets a lot of security from the fact that the hardware/software architecture is designed to not allow backdoors.  If you change the underlying architecture to allow backdoors, then American phones will essentially have backdoors, we will just have to live with the promise that they won't be opened.

    We know from experience, that US law allows the government to obtain search warrants without the subject knowing he is being surveilled.  We also know that Apple is a US based company and subject to US law.  Should Apple be presented with such a warrant they would be obligated to open the backdoor.

    Thus, in practice, you can't have backdoors that apply only to non-US phones.

    Now whether or not you think that Apple's level of privacy is a good or bad thing, is a different topic.

    Yes, Apple is US based company and the law allows the government to obtain search warrants. But you're forgetting an important detail. A search warrant says that the government can search a particular premise and seize specific evidence of criminal activity that it expects to find. But that search warrant is in no way guarantee that the government will find what it's looking for. 

    Let me give an example of the police searching soemone's home with a warrant. Armed with the warrant, the police can show up at someone's home and search it. The homeowner can't resist or obstruct the police in performance of their duties. If the door is locked, the police will ask the homeowner to open the door or the police will break down the door. But if the police can't break down the door, the homeowner can't be held criminally liable. 
    If there is no back door, the search warrant will not allow the police to "open the door" to search the phone.

    If there is a back door, then the police are able to open the phone and get the data.

    Whether or not this is a good thing is a separate issue.
    watto_cobra
     1Like 0Dislikes 0Informatives
  • Reply 12 of 29
    never surrender your phone. Do not store your DL on your phone.
    watto_cobra
     1Like 0Dislikes 0Informatives
  • Reply 13 of 29
    DAalseth said:
    I fully expect 47 to push through a law requiring Apple to build in a back door. With that, there will go our security. 
    What a foolish and baseless comment.  TDS strikes again.  If I were you I’d be more worried about the Patriot Act which has the support of the Congress.  Your privacy is more likely to be violated by the government because of the Patriot Act than any hacking the government can do on your phone. 
    watto_cobra
     1Like 0Dislikes 0Informatives
  • Reply 14 of 29
    mfryd said:
    DAalseth said:
    I fully expect 47 to push through a law requiring Apple to build in a back door. With that, there will go our security. 
    How would you feel if the back door only was installed for non-American iPhones. Would you be comfortable with that? When you say "our security" are you talking about Americans, or citizens of the world, including Hamas?

    Trump doesn't have the constitutional authority to create any law. Maybe you know that, but the way you worded it sounded like he has some degree of law-making authority.
    It would be a challenge to install a backdoor for only non-American phones.

    The iPhone gets a lot of security from the fact that the hardware/software architecture is designed to not allow backdoors.  If you change the underlying architecture to allow backdoors, then American phones will essentially have backdoors, we will just have to live with the promise that they won't be opened.

    We know from experience, that US law allows the government to obtain search warrants without the subject knowing he is being surveilled.  We also know that Apple is a US based company and subject to US law.  Should Apple be presented with such a warrant they would be obligated to open the backdoor.

    Thus, in practice, you can't have backdoors that apply only to non-US phones.

    Now whether or not you think that Apple's level of privacy is a good or bad thing, is a different topic.


    Apple gets warrants all the time to provide access to iCloud data.  Your phone may be a secure sanctum from the government because of the security built into the phone and software.  But unless you take the extra step of doing a single key encryption of your iCloud data, all of that iCloud data is shareable with the government when Apple is presented with a valid warrant.  

    There’s also data in motion that the government has a better ability to hack not.  So I wouldn’t be too worried about backdoors on phones. The government has other ways a getting your data. 
    argonautwatto_cobra
     2Likes 0Dislikes 0Informatives
  • Reply 15 of 29
    kmarei said:
    DAalseth said:
    I fully expect 47 to push through a law requiring Apple to build in a back door. With that, there will go our security. 
    How would you feel if the back door only was installed for non-American iPhones. Would you be comfortable with that? When you say "our security" are you talking about Americans, or citizens of the world, including Hamas?

    Trump doesn't have the constitutional authority to create any law. Maybe you know that, but the way you worded it sounded like he has some degree of law-making authority.
    so your argument is we should monitor all phones?

    yes about your trump statement, but unlike other presidents, no one says no to him. no republican senator or member of the house dares say no to him. or he will get negative tweets that night around 2-3am from trump. and he'll get a moderately funny schoolkid nickname.
    he has close to absolute power
    presidency
    senate
    house
    and supreme court
    Trump Derangement Syndrome strikes again. 
    RonnyDaddy
     1Like 0Dislikes 0Informatives
  • Reply 16 of 29

    How would you feel if the back door only was installed for non-American iPhones. Would you be comfortable with that? When you say "our security" are you talking about Americans, or citizens of the world, including Hamas?

    Trump doesn't have the constitutional authority to create any law. Maybe you know that, but the way you worded it sounded like he has some degree of law-making authority.
    Fear mongering about Hamas potentially having iPhones without a back door is ridiculous. There are news stories from 10 years ago about Hamas in particular avoiding cellphones to prevent Israeli assignation attempts. https://www.al-monitor.com/originals/2014/02/gaza-israel-islamic-jihad-hamas-mobile-war.html

    This is why the Israeli government is using exploding pagers to attack Hezbollah and civilians in Lebanon.

    While presidents currently do not have the constitutional authority to create laws, a large part of the platform that he campaigned on is consolidating powers into the executive branch. All he would need to enact those changes is a supportive house, senate, and judiciary… and a removal of the filibuster.

    You don’t understand the political realities of what Trump is challenged with.  Everything you say about how easily he could enact new laws is very ignorant of political realities.  

    Look at how many executive orders Biden issued on day one of his presidency.  Look at the student loan executive orders by Biden that were found to be illegal by the Supreme Court, yet Biden kept issuing new ones. You have a very one sided and incomplete comprehension of what the current administration has done and a very warped perspective of what you think Trump can do.  TDS. 

    argonaut
     1Like 0Dislikes 0Informatives
  • Reply 17 of 29
    mfrydmfryd Posts: 233member
    kellie said:

    Apple gets warrants all the time to provide access to iCloud data.  Your phone may be a secure sanctum from the government because of the security built into the phone and software.  But unless you take the extra step of doing a single key encryption of your iCloud data, all of that iCloud data is shareable with the government when Apple is presented with a valid warrant.  

    There’s also data in motion that the government has a better ability to hack not.  So I wouldn’t be too worried about backdoors on phones. The government has other ways a getting your data. 
    Of course, not everyone stores data in the cloud.  If the data is not synced/stored in the cloud, then Apple cannot provide the information, even if they wanted to.   I know a few people who specifically avoid the cloud because they have significant privacy concerns, and don't trust the security of the cloud. Whether or not their concerns/fears are reasonable are a separate issue.

    But even though cloud data can be unlocked with a warrant, that does not mean that data protections are completely useless.

    For instance, suppose your phone is stolen.   A hacker is unlikely to be able to obtain a warrant to compel Apple to unlock the phone.  However, a hacker might be able to access the "back door" in order to get at your data.  Depending on what you have on your phone, that might give the hacker access to bank accounts, investment accounts, etc.

    I have a lock on the front door to my house.  Someone who knows how to pick locks likely can get through the lock in under a minute.   This doesn't mean I shouldn't bother with a lock.   The fact that it is possible to bypass protection doesn't make the protection useless.  It limits the number of actors who can gain access, and it can slow down access for those who can ultimately bypass the protection.

    But even if people have full access, one can always obfuscate the nature of communications by using code words.  An easy thing is to use private nick names for people / events, and euphemisms for actions.   Sending "Peter is taking Sally to the club" could mean that a hitman has been hired to eliminate a senator, or that the sender is planning to have sex with his wife.
    watto_cobra
     1Like 0Dislikes 0Informatives
  • Reply 18 of 29
    kellie said:
    You don’t understand the political realities of what Trump is challenged with.  Everything you say about how easily he could enact new laws is very ignorant of political realities.  

    Look at how many executive orders Biden issued on day one of his presidency.  Look at the student loan executive orders by Biden that were found to be illegal by the Supreme Court, yet Biden kept issuing new ones. You have a very one sided and incomplete comprehension of what the current administration has done and a very warped perspective of what you think Trump can do.  TDS. 
    I think having a basic understanding of the difference between executive orders and the passage of an actual law which you seem to be conflating shows your ignorance in basic civics.

    To clear things up an executive order is issued by the president to set policy for things within control of the executive branch. An executive order is not a law, it has the “force of law” when there is no existing law or to further clarification of an existing law, because congress did not account for every aspect of the law. A law is something that is passed by both houses of congress and signed into law by the president.

     To use your example of student loan forgiveness the Biden administration first attempted with one pathway, they were sued, and ultimately the Supreme Court decided that portions of the executive order were too broad and exceeded the executive power. There were borrowers that received loan forgiveness. So the Biden administration looked through existing law and found other potential pathways to issue their future orders. This is common practice, there is nothing nefarious about this.

    As for the political realities that an adjudicated sexual assailant, who pals around with dictators, war criminals, pedophiles, sex traffickers, murders, fraudsters, and neo-nazis is in a unique position as an incoming president. Members of his party in the house and senate are publicly threatening other members in their own caucus to push through anything he wants any way possible. He personally nominated 3 Supreme Court justices and has at least 2 other justices that have been wrapped in controversy, and have a history of right wing activism on and off the bench. 

    So his only real “political challenges” are going to be getting out of his own way and actually nominating people that could actually get the GOPs agenda done instead of people that gave him money or stroke his ego.
    watto_cobra
     1Like 0Dislikes 0Informatives
  • Reply 19 of 29
    mfrydmfryd Posts: 233member

    I think having a basic understanding of the difference between executive orders and the passage of an actual law which you seem to be conflating shows your ignorance in basic civics. ...

    One issue is that many people are worried that the judicial branch (including the Supreme Court) has more loyalty to Trump than they do the country/Constitution.  There have certainly been some recent rulings that are pro-Trump, and contrary to well established historical precedent. 

    Similarly, Trump seems to have that same level of loyalty from the Republican party, which controls the House and Senate.  This combination appears to short circuit the checks and balances that we would get from three branches independent of government.

    If these fears are correct, then Trump can issue whatever executive orders he likes.  If Congress doesn't object and the courts allow it, then it really doesn't matter what the law says.

    It is clear that many people share this sort of fear.  As to whether or not the fears are justified, that's another matter entirely.

    Even if Trump is able to use executive orders in this fashion, many are OK with this, as they expect to agree with whatever orders he issues.  Others prefer a system of checks and balances, even if that results in blocking some rules they would like to see. 

    Xedwatto_cobra
     2Likes 0Dislikes 0Informatives
  • Reply 20 of 29

    However, a leak of some Grayshift's internal documents was recently reported on by 404 Media. According to the data, Graykey can only perform "partial" data retrieval from iPhones running iOS 18 and iOS 18.0.1. 

    That's not accurate. It can only do "partial" on SOME iPhones running 18.0/18.0.1, while others are completely vulnerable:


    watto_cobra
     0Likes 0Dislikes 1Informative
Sign In or Register to comment.