Apple blocks GrayKey police tech in iOS update

Reports suggest the data-slurping tool has been rendered useless -- but no-one knows how.

Apple has managed to stop the law enforcement tool GrayKey from working with modern iOS devices -- but we do not know how this has been achieved.

According to Forbes, the developers of the tool, Atlanta-based Grayshift, have been stopped in their efforts to crack the encryption of Apple iPhones.

The company offers the GrayKey tech to law enforcement in order to break the passcodes of iPhones, including the latest flagship models such as the iPhone X.

However, it seems Grayshift may have been stopped from making these claims any longer concerning its most well-known toolset -- at least, for now.

Sources familiar with the matter told the publication that GrayKey can no longer crack the encryption of any iPhone which is operating on iOS 12 or above.

CNET: Cathay Pacific breach leaks personal data on 9.4 million people

The tool is not rendered completely useless, however, as it is still able to exfiltrate some data, such as a handful of unencrypted files and metadata which has no relevance to police investigations -- including file sizes and data relating to file structures.

Police officer Captain John Sherwin of the Rochester Police Department, Minnesota, confirmed to Forbes that this was the case, saying "that's a fairly accurate assessment as to what we have experienced."

It is not known how Apple has countered GrayKey, which was able to brute-force iPhones to obtain passcodes without triggering the tech giant's anti-brute-force protections.

There may have been a zero-day vulnerability or attack chain which permitted brute-force attacks which have been patched; stronger kernel protections may be in place, or Apple may have developed additional, new layers of security at the software level.

TechRepublic: Pennsylvania elections bring back paper ballots to improve security and auditability

There is one feature which was introduced in iOS 12 which could be the reason why GrayKey no longer works. Known as USB Restricted Mode, the feature requires users to unlock their device after an hour of inactivity to connect a USB accessory -- unless the USB connection is to a charger.

See also: Apple iOS 12 security update tackles Safari spoofing, data leaks, kernel memory flaws

This week, Apple CEO Tim Cook told attendees at the 40th International Conference of Data Protection and Privacy Commissioners in Brussels that a global privacy "crisis" is real, and "our own information, from the everyday to the deeply personal, is being weaponized against us with military efficiency."

Cook also warned that the mass collection of data -- such as through social media networks and online services -- is amounting to surveillance in action.

ZDNet has reached to Apple and will update if we hear back.

Previous and related coverage