Just about a week ago, word emerged that the Israel-based security firm Cellebrite had developed a tool which enables it to access any locked iPhone model running any iteration of iOS, including an iPhone X running iOS 11. In the wake of that revelation, Forbes relays that another security firm — a U.S.-based company called Grayshift — has come up with an iOS 11 workaround of its own, albeit with some limitations.
Though not as widely known as Cellebrite or, say, the NSO Group, Grayshift is said to be staffed by “long-time U.S. intelligence agency contractors and an ex-Apple security engineer.” As for the company’s iOS 11 hack, the report claims that the company is now advertising an unlocking tool which provides users with upwards of 300 passcode guesses for $15,000. A pricier $30,000 option provides users with an unlimited number of guesses. In effect, Grayshift’s tool is simply a means for users to gain access to a device through brute force.
Naturally, details surrounding the mechanics of Grayshift’s solution are hard to come by, though security researchers point to an attack on the Secure Enclave, which was originally introduced on the iPhone 5s.
According to Ryan Duff, director of cyber solutions at Point3 Security, it appeared Grayshift had access to similar exploits as Cellebrite, namely a probable hack that targets Apple’s Secure Enclave, the isolated chip in iPhones that handles encryption keys. The Secure Enclave makes it especially time-consuming to carry out brute forcing by incrementally increasing the time between guesses, up to an hour for the ninth attempt onwards. But if it can be broken, the speed of guessing the right password can be improved.
Incidentally, it remains unclear if Grayshift’s solution works for every iteration of iOS 11, especially given that Apple has rolled out a few updates with a variety of security patches over the past few months.