Earlier this year, Apple updated iOS to block passcode cracking tools like GrayKey (used by police and government law enforcement officers). But the original iOS 11.4.1 patch wasn’t perfect, with researchers still finding ways around it. That seems to have changed with the release of iOS 12 last month, which a recent Forbes report notes appears to have completely blocked the GrayKey tool, preventing it from cracking the password of any devices running the latest software.
GrayKey first made waves earlier this year as a tool specifically developed and sold to police departments to break passwords on iPhones for use in investigations. But now, instead of brute-forcing passwords, GrayKey is apparently limited to just a “partial extraction,” only offering access to unencrypted metadata like file sizes. Forbes doesn’t make it clear if the patch is something Apple has done recently, or if the improved block has been in place since iOS 12 was released in mid-September, but for now at least, it appears to have shut down GrayKey.
It’s also not clear what Apple’s done to lock out GrayKey this time. One forensic expert speculated to Forbes that “it could be everything from better kernel protection to stronger configuration-profile installation restrictions,” but no one seems to know for sure. But according to police officer Captain John Sherwin (from the Rochester Police Department in Minnesota), it’s a “fairly accurate assessment” to say that Apple has stopped GrayKey from unlocking updated devices.
Whatever Apple did to block GrayKey here, though, chances are that Grayshift — the company that develops GrayKey — is already looking for a workaround to continue to bypass Apple’s password systems.