GrayKey likely still works even with USB disabled on iPhones

Greg S

Why it matters: Apple is trying to better secure iPhones from being unlocked. With current tools, nearly any iPhone can have its contents dumped within hours. Disabling USB access is meant to stop existing hardware tools from accessing private information, but the feature appears to have already been beaten by the security community.

Shortly after Apple confirmed that its restricted USB feature could protect against tools used by law enforcement, one of the major businesses involved in iPhone hacking may have already beaten the new feature. Forensic experts now believe that Grayshift, maker of GrayKey, has working methods of accessing the contents of your iPhone on iOS 12 with USB Restricted Mode enabled.

According to an email from a forensic analyst, "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on."

At this time there is no demonstration confirming that Grayshift has actually figured out how to break into the latest version of iOS on current model iPhones, but there is little reason for doubt. A follow-up email noted that USB Restricted Mode was addressed by Grayshift in a private presentation. It will only be a matter of time before iOS 12 is released and new demonstrations are needed to make sales.

Given that USB Restricted Mode is going to be turned on by default in iOS 12, Grayshift, Cellebrite and other security firms specializing in mobile phones will certainly be looking for ways around the security measure. It is possible that unreported exploits still exist in iOS that could circumvent the USB restriction. Knowing how many exploits in microprocessors have been uncovered this year, there may be hardware vulnerabilities lurking about that could leak data.

In the past, security firms had the luxury of operating relatively under the radar. Now that users have become more security-conscious and somewhat aware that their device can almost certainly be compromised if lost or stolen, a spotlight has been put on companies specializing in hacking. The result is a cat-and-mouse game between manufacturers trying to secure their devices and security firms trying to keep breaking in and selling their wares.


 
Let's just remove ports altogether, I rarely transfer data over USB to my device and wireless charging is everywhere.
 
Darn it. One step closer to a police state where we can be randomly asked "Where's your papers?". I'd even go so far as to say that we may already be living in a police state.
 
Let's just remove ports altogether, I rarely transfer data over USB to my device and wireless charging is everywhere.

Then they'll just move to wireless; you can turn radios on and off in most devices without unlocking them.

As usual, your best bet to ensure privacy if your device is lost or stolen is to set up a kill switch on your device: some way to remotely wipe it, via SMS message or data connection.
 
Let's just remove ports altogether, I rarely transfer data over USB to my device and wireless charging is everywhere.
And hope you never have to recover data, and forget simple transferring of large quantities of data (say, movies), and forget high charging speeds, or external video, or using wired headphones, etc. And if your device software bricks and you need to recover the device? You're screwed.

In fact, how would you propose companies like Apple load their OS onto a device like this when there is no port to send data through? And wireless charging is not "everywhere" unless you bring your own pad with you.
 
The restricted USB feature must be a software switch. Because if USB was shut off at the hardware level, nothing would communicate.
 