Apple May Have Blocked GrayKey Phone Hacker in iOS 12 Update


Apple touts its iOS platform as more secure than Android, but we don’t actually know how secure it is. Android is open source, so everyone can follow the patching and disclosure of bugs. iOS is essentially a black box with an unknown number of flaws, some of which have been exploited by a mysterious company called Grayshift. It sells a device called GrayKey that can unlock iPhones for law enforcement, but the expensive box is reportedly almost useless after the recent update to iOS 12. Apple did something to block GrayKey, but no one knows what.

Grayshift sells the iPhone cracker exclusively to governments and police, marketing it as a way to unlock encrypted devices to get at their files. The company keeps its technology secret, and it doesn’t come cheap. The GrayKey starts at $15,000 with a limit of 300 uses, and an unlimited version costs $30,000. That unlimited license may have been less appealing over the summer as Apple prepared to implement USB Restricted Mode in iOS, which disables data access after a phone has been locked for about an hour. That was an imperfect defense, though. Security experts have speculated on several methods that could keep phones unlocked longer to ensure they can still be hacked.

The reality of using the GrayKey on iOS 12 may be even worse than police expected. A new report says that GrayKey is only able to operate in “partial extraction” mode on iOS 12 devices. That means it cannot decrypt the full device storage. All investigators get are a few unencrypted configuration files and metadata about files and folders (file sizes, folder structure, and so on).

A GrayKey box with two lightning cables.

Since Grayshift doesn’t talk about how its tools work, it’s hard to speculate on how Apple blocked it. Previously, the GrayKey would load proprietary software into the phone to brute-force its passcode without running into the retry limit. There may be deep kernel changes at work to specifically block GrayKey in addition to the use of USB Restricted Mode. Some new configuration profiles could also be at work to make the Grayshift tools less effective.

This cat-and-mouse game won’t end anytime soon, though. Grayshift has made a great deal of money hacking into iPhones, and it’s not giving up. If it doesn’t already have another exploit waiting in the wings, it’s probably hard at work to either uncover or buy one.
