Pixel Envy

Written by Nick Heer.

iOS 12’s Security Improvements Impede GrayKey Passcode Cracking Functionality

Thomas Brewster of Forbes broke the news of the existence of GrayKey in March, and has been covering it brilliantly since:

Now, though, Apple has put up what may be an insurmountable wall. Multiple sources familiar with the GrayKey tech tell Forbes the device can no longer break the passcodes of any iPhone running iOS 12 or above. On those devices, GrayKey can only do what’s called a “partial extraction,” sources from the forensic community said. That means police using the tool can only draw out unencrypted files and some metadata, such as file sizes and folder structures.

Previously, GrayKey used “brute forcing” techniques to guess passcodes and had found a way to get around Apple’s protections preventing such repeat guesses. But no more. And if it’s impossible for GrayKey, which counts an ex-Apple security engineer among its founders, it’s a safe assumption few can break iPhone passcodes.

That last sentence requires two more words: “for now”. That’s how it works. After a security threat is revealed, it is patched; repeat constantly until the end of time. The biggest difference here is that there’s an enormous market for iOS vulnerabilities due to its high grade of security and its popularity, so it is not in the best interests of those who find these vulnerabilities to report them to Apple or disclose them publicly.

That, in part, is why the method by which Apple prevented GrayKey from working is just as mysterious as the means by which GrayKey worked in the first place. It’s also why it is plausible that there is a vulnerability just as insidious in every iOS device out there that won’t get reported to Apple for fixing if it’s good enough for Grayshift or Cellebrite to buy.