What just happened? The ongoing war between Apple and law enforcement agencies over the use of the GrayKey hacking tool has apparently swung in Cupertino’s favor. According to a new report, any devices running last month’s release of iOS 12 are immune to GrayKey's password cracking abilities, thanks to a “mystery fix” that was included in the software.
Created by Atlanta-based firm Grayshift, the $15,000 box (or $30,000, for a version that requires no internet connection and unlimited unlocks) arrived earlier this year as a tool for police departments to break passwords on iPhones related to criminal investigations.
In June, Apple said its new USB Restricted Mode would protect against devices such as those from Grayshift and Cellebrite, though the GrayKey maker quickly announced that it had “already defeated this security feature in the beta build.”
With iOS 12, however, GrayKey can no longer break a password. According to a report by Forbes, the forensic community says the best it can offer is a “partial extraction,” which lets it pull unencrypted files and some metadata such as file sizes and folder structures—information that’s unlikely to be of any use to investigators.
Exactly how Apple has managed to hamstring GrayKey is unclear. Vladimir Katalov, chief of forensic tech provider Elcomsoft, said “it could be everything from better kernel protection to stronger configuration-profile installation restrictions.”
With GrayKey devices spreading to law enforcement agencies around the world, the news will likely be a concern for Grayshift. Whether the company somehow manages to bypass Apple’s updated protections again remains to be seen.