Graykey: Decryption tool can partially unlock iOS 18

In connection with Apple's new reboot protection before unlocking, information has emerged about what forensics companies can do with current iPhones.


Graykey advertising image: "Regular updates for the latest versions"

(Image: Magnet Forensics)


It's an eternal cat-and-mouse game: hackers, spies, law enforcement and their service providers against Apple's iPhone security. Now, in connection with the news that Apple has implemented special device protection in iOS 18.1, details have emerged about the ability of a forensics company to at least partially crack iOS 18 and iOS 18.0.1. As reported by the IT news service 404 Media (paywall), documents have leaked that are said to prove this. The documents relate to the Graykey software from the provider Magnet Forensics. The tool has been known for years and is sold to US police authorities, among others.

According to the leak, Graykey does not yet support iOS 18.1. Normally, little is leaked about such programs. Graykey was originally developed by the company Grayshift, which was itself once a victim of hackers. Its competitor Cellebrite also had to deal with leaks that revealed which devices could be hacked at the time.

According to 404 Media, Graykey has at least "partial" access to iOS 18 (released in mid-September) and iOS 18.0.1 (released at the beginning of October). What exactly this means in terms of data remains unclear. However, a report several years ago indicated that this included unencrypted files and various metadata, including folder structure and file sizes. It is unclear exactly how Graykey gained access to the device; presumably via the USB-C interface, although Apple is increasingly sealing this off.

However, there are different levels of protection here. For example, an iPhone is best protected when it is in the "Before First Unlock" state (after a reboot). Once it has been unlocked for the first time ("After First Unlock"), parts of the system are unlocked for technical reasons, as this is the only way to display notifications and access the apps themselves. It is therefore important to put the device into the "Before First Unlock" state, as this makes it more difficult to access data. This is exactly what Apple now achieves by forcing a reboot after 72 hours if the device has not been unlocked beforehand.

According to 404 Media, Magnet Forensics also has software called "AppLogic" (or a team of that name), for which it is also seeking employees. Exactly what this involves remains unclear. In any case, Graykey seems to be able to bypass Apple's USB-C lock, even though the port should only be enabled for charging. Apple did not comment on the 404 Media report.


(bsc)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.