Here’s how Apple is fighting GrayKey iPhone unlocker

By

GrayKey can bypass iPhone security
iPhone unlockers are blocked if a week goes by without the correct passcode being entered.
Photo: Ed Hardy/Cult of Mac

Apple hasn’t found the security holes that iPhone unlocking tools use, but iOS 11.3 took a step that makes these cracking devices less useful. Police now have a limited amount of time to circumvent the user’s passcode before it becomes impossible.

This is part of an ongoing struggle between Apple and law enforcement agencies. The iPhone maker wants to protect the privacy of users, while police want access to information stored on devices used in crimes.

News of the iOS change came from Braden Thomas, who once worked for Apple but has since switched allegiance to Grayshift, maker of the Graykey iPhone unlocker. According to Motherboard, Thomas sent a note to those who have purchased a Graykey  warning that this hacking gadget is blocked from accessing an iPhone a week after it was last used by its real owner.

Thomas’s note reads, “Starting with iOS 11.3, iOS saves the last time a device has been unlocked (either with biometrics or passcode) or was connected to an accessory or computer. If a full seven days (168 hours) elapse since the last time iOS saved one of these events, the Lightning port is entirely disabled.”

Affecting all iPhone unlockers

Apple’s move likely won’t just block GrayKey. Rival Cellebrite is more secretive about methods, but they probably also involve connecting to the iOS device’s Lightning port.

It not yet clear if this will inconvenience iPhone or iPad users in any way. It seems unlikely. If anyone who hasn’t used their device in over a week discovers that the Lightning port has stopped working, all that’s necessary to reactivate it is enter their passcode.

Anyone who wants to make their iPhone (relatively) safe from iPhone unlockers only needs to use a very strong passcode, which iOS allows.