Apple just confirmed that it’ll prevent iPhone hackers from bypassing encryption by brute-forcing passwords via machines designed expressly to obtain access to locked handsets. Machines like the GrayKey were featured prominently in reports this past year, hook up to an iPhone via Lightning, and then unlock the device by using all possible PIN combinations until the correct one is discovered.
iOS 12 already addresses the hack by turning the USB connection into a charging-only mode if the iPhone hasn’t been unlocked in more than an hour. But the final iOS 12 release is months away. And hackers say they found a way to deal with it.
Products like the GrayKey box below, which cost tens of thousands of dollars, have become popular with law enforcement agencies, giving them access to locked iPhones seized from suspects. The USB Restricted Mode found in iOS 12 beta, will render them useless in some cases, as investigators will have an hour at most to bring a seized iPhone to forensics to have it unlocked — that’s assuming the suspect used the device right before it was taken.
While the news that Apple would block hacks such as this one in iOS 12 made waves in the law enforcement community, it’s important to note that Apple isn’t doing this to spite the police. Apple is merely addressing a security issue that puts the data of every iPhone user at risk. Devices like the GrayKey are popular with law enforcement agencies, but that doesn’t mean other hackers could not figure out how to replicate the hacks themselves to spy on specific targets who use iPhones. Physical access would still be required to the handset to perform the attack. And you can certainly expect that repressive regimes around the world may be interested in these techniques as well.
On the other hand, law enforcement agencies still have every right to find ways to break the iPhone’s security. Nobody is disputing the fact.
Grayshift, the maker of GrayKey, has supposedly figured out how to bypass the USB Restricted Mode Apple just came out with. Here’s what an email from a forensic expert, seen by Motherboard says:
Grayshift has gone to great lengths to future-proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on.
They seem very confident in their staying power for the future right now
This may be just marketing from Grayshift. Of course, they’d say that. But it can also be real. After all, more than ten years after the iPhone was launched and the handset can still be jailbroken — that’s a different type of hack, but it proves that Apple’s security can still be defeated.
Motherboard also had access to Grayshift demonstration slides that explain how an iPhone is hacked, and why USB Restricted Mode blocks it. The GrayKey uses two strategies to unlock the phone, including “Before First Unlock” or BFU, and “After First Unlock” or AFU.
BFU is slow, taking 10 minutes per try, and offers limited data. That happens because the phone was off when taken into custody. AFU, meanwhile, is a fast brute force attack, allowing 300,000 tries. If it works, it offers access to 95% of the user’s data.