Apple put a feature in the first iOS 12 beta designed specifically to thwart iPhone unlocking tools that use the Lightning port to get access to the device. But Grayshift, maker of a prominent unlocking tool, says it already has a workaround.
This is good news for the many law enforcement agencies around the U.S. who’ve invested in Grayshift’s GrayKey unlocker. It’s not so good for anyone who wants to be sure their iPhone can’t be hacked.
Apple’s attempts to lock out hackers seem to have come to nought. “Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build,” reads an email from a forensic expert to Motherboard.
How GrayKey and USB Restricted Mode Works
Any iOS device can be set to limit the number of passcode attempts that can be made before the phone or tablet erases itself. iPhone unlockers like GrayKey circumvent this restrictions.
GrayKey is connected to the Lightning port on an iPhone or iPad, where it swiftly enters thousands of passcodes until the correct one is reached. This is called a “brute force” unlocking method.
A few months ago, Apple began experimenting with USB Restricted Mode. This partially deactivates the Lightning port if the device isn’t unlocked for a certain amount of time. iOS 12 beta 1 includes the most restrictive version yet, with the Lightning port partially shut down after just an hour.
But it seems Grayshift already has a way around this limitation. Or so it’s telling potential clients, anyway.
Apple vs. police
Apple says it’s not trying to lock out U.S. police, just other iPhone unlockers. “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs,” the company recently told Reuters.
But iPhones are used in countries where police are lax about citizen rights. And the same cracking tools can be used by criminals, spies, and even unscrupulous private investigators. That’s why Apple will continue to try to make it impossible for someone to hack into any iOS device.