Grayshift will still break into iPhones despite new security feature that Apple plans for iOS 12 update.
Apple has implemented a new security feature in iOS 12 that would essentially render iPhone cracking tools obsolete as long as they attempt to break into devices using the Lightning port.
This includes GrayKey, a device built by a company called Grayshift, whose clients include primarily governments and law enforcement trying to access data stored on iPhones allegedly used by criminals.
Apple’s new feature works by restricting the functionality of the Lightning port to charging only if the device hasn’t been unlocked within the last hour. This means that at least theoretically, devices like GrayKey should no longer be able to launch brute-force attacks to crack the passcode of iPhones, as the whole process typically takes more than an hour in the case of complex passwords.
But according to a new report, Grayshift has already found a way to bypass Apple’s new security feature, and despite the limitation, its cracking device is still 100 percent effective.
Feature bypass already available
Motherboard cites a forensic expert with knowledge of Grayshift’s development work that the existing implementation of Apple’s iPhone anti-hacking system has already been cracked by GrayKey, so unless the Cupertino-based tech giant comes up with substantial improvements, this won’t be going to change in the final release of iOS 12.
“Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on,” the expert was quoted as saying. “They seem very confident in their staying power for the future right now.”
Apple released a statement earlier this week to highlight its efforts to make USB-based cracking solutions useless, but the company hasn’t said a single thing about more advanced exploits that could be used to break into iPhones despite this new feature.
“We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data. We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs,” Apple said.
Grayshift’s customers include police across the United States, government agencies, and other law enforcement departments interested in breaking into iPhones to extract stored data.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.