Look at this $15,000 paperweight
If you’re a police department or criminal who bought one through a proxy of some sort, you’re likely disappointed. Your $15,000 to $30,000 iPhone hacking tool is worthless now. Of course, if you’re a taxpayer whose tax money went to buying this now worthless brick, you’re also likely angry, but for different reasons.
However, if you’re a person concerned about a thief or officer being able to go through your phone, potentially without a warrant, then you’re in luck! Apple’s iOS 12 update somehow disabled the GrayKey device. Apple’s not just locking out data access after the device has been inactive for an hour, the company has apparently taken additional steps to secure the device. This makes the GrayKey useless.
Once again, your iPhone is safe from thieves, police, hackers, or even foreign spies.
Brute Force Denied
There are two problems with hacking into an iPhone running the latest version of iOS 12. First, is that data access is locked after one hour of disuse. This means that, if the brute force hack takes longer than an hour, your phone will lock out the GrayKey. The GrayKey can break into an iPhone with a 4 digit passcode in under 15 minutes. However, if you’re using a 6 character passcode, it will take, on average, around 11 hours. That’s 10 hours the GrayKey doesn’t have anymore. Of course, if you took my advice and use a passcode that’s longer than 10 characters, they GrayKey could have never broken into your device anyway.
Kernel Access Denied
But beyond the fact that brute force attacks take too long, Apple has done something else. They haven’t published what they did, but it seems as though they’ve made the iPhone kernel, that is, the software that all the rest of the operating system sits atop of, more secure. This means that, at best, the GrayKey can only pull out partial metadata, like file sizes and other unencrypted data. Anyone using the GrayKey can’t get useful information from an iPhone anymore.
Better Mouse Trap
“Give it time and I am sure a ‘workaround’ will be developed … and then the cycle will repeat. Someone is always building a better mousetrap, whether it’s Apple or someone trying to defeat device security.”
– Captain John Sherwin of the Rochester Police Department in Minnesota
Police departments have confirmed that their GrayKeys are useless now. They’re hopeful that hackers will find another way into the iPhone and commercialize their hack again. Perhaps the hackers at GrayKey will be the first to do so. If that happens, they may choose to update the GrayKey device, if it can accept updates. If it can’t, police departments, governments, spies, and, via a proxy at one of those organizations, thieves, will be out another $15,000 or more to unlock phones. This likely prove to be a waste of money once again, but police departments consider it a taxpayer expense they’re willing to make you pay for.
Sources: