Apple May Have Stopped Cops from Unlocking iPhones

Apple does not take kindly to law-enforcement agencies circumventing its device protections. And now the company may have shut down at least one workaround.


Apple's latest mobile operating system, iOS 12, reportedly blocks the GrayKey iPhone-unlocking boxes used by many police departments, Forbes is reporting, citing "sources familiar" with GrayKey technology.

If this is true, the defeat of GrayKey removes a useful tool from ordinary police agencies' digital-forensics arsenal, and may slow down or kill many ongoing investigations. (The National Security Agency and other intelligence agencies presumably have other ways of getting into iPhones.)


In March, Forbes discovered that an American company named Grayshift had devised a way to brute-force iOS lockscreen passcodes with a relatively inexpensive device called GrayKey, which is a small box with two Lightning cables poking out.

Grayshift sells GrayKey boxes to law-enforcement agencies in North America and the U.K. to aid them in their investigations. A $15,000 GrayKey is good for up to 300 iPhone unlocks; for $30,000, you get unlimited unlocks.

That may seem expensive, but it's a lot cheaper and easier than competing technology offered by Israeli firm Cellebrite, which charges $5,000 for a single iPhone unlock and generally requires cops to send the iPhone to a Cellebrite facility. With GrayKey, police can run the unlocking procedure themselves.

A GrayKey iPhone-unlocking device. Credit: Malwarebytes


According to the Forbes report, GrayKey can still extract "partial" information, such as unencrypted information and metadata, from iPhones and iPads running iOS 12.

Previously, GrayKey was able to extract both unencrypted and encrypted data from the devices by somehow overcoming Apple's rate limitations on brute-force screen-passcode guesses. A four-digit PIN might take a couple of hours to "brute force"; a six-digit PIN, which Apple now makes mandatory, could take up to three days. Long alphanumeric passcodes would take much longer.

Ordinarily, typing in an iPhone lockscreen passcode incorrectly more than three or four times in succession requires a brief "cooling off" period before you can try again. The more incorrect guesses you make, the longer the "time out" becomes.

It's not clear how Grayshift figured out how to bypass Apple's incorrect-guess rate limitations, or whether Cellebrite uses similar methods. Nor is it clear, despite some attempts by Grayshift and others to figure it out, how Apple defeated GrayKey.

Security expert Vladimir Katalov, who heads up Russian forensic security company Elcomsoft, told Forbes that he has "no idea" what Apple did to overcome the GrayKey workaround. He suggested Apple might have improved the operating system's kernel or strengthened its configuration profiles, which give users the ability to create customized app experiences.

Katalov's professed ignorance is significant because Elcomsoft discovered back in May that Apple was experimenting with something called "USB Restricted Mode." That feature, which first showed up in a beta version of iOS 11.4.1 and now is part of iOS 12, disables the data-transfer capabilities of an iPhone's Lightning connector if the phone stays locked for more than an hour.

Somehow, Katalov doesn't think USB Restricted Mode is what's stymied GrayKey, even though that's exactly what the new feature seems to have been designed to do.

Apple has been one of the most vocal supporters of device encryption and privacy in the technology industry. Despite the insistence from law-enforcement officials and politicians that access to digital devices -- with a search warrant -- is essential to letting police and other investigators do their jobs, Apple continues to improve device security.


Don Reisinger is CEO and founder of D2 Tech Agency. A communications strategist, consultant, and copywriter, Don has also written for many leading technology and business publications including CNET, Fortune Magazine, The New York Times, Forbes, Computerworld, Digital Trends, TechCrunch and Slashgear. He has also written for Tom's Guide for many years, contributing hundreds of articles on everything from phones to games to streaming and smart home.
