Apple appears to have been able to permanently block decryption technology from a mysterious Atlanta-based company whose black box device has been accepted by government agencies to circumvent iPhone passcodes.
Grayshift of Atlanta is one of two companies that claimed this could thwart Apple iPhone passcode security through brute force attacks.
The black box technology allegedly worked as Grayshift technology was seized by regional law enforcement agencies and contracts were obtained with Immigration and Customs Enforcement (ICE) and the US Secret Service] Another provider, Cellebrite, based in Israel, also discovered a possibility unlock encrypted iPhones with iOS 1
Several sources familiar with the GrayKey have said Forbes that the GrayKey device can no longer break the passwords of an iPhone with iOS 12 or higher.
iOS 12 was released by Apple last month.
The use of Grayshift De-Encrypting Device – a 4-in. x 4-in. Box with two iPhone-compatible Lightning cables – was first discovered by motherboard ; it checked public records of the police department and e-mails received from federal agencies that revealed purchases of the device. The GrayKey box could unlock an iPhone in about two hours if the owner uses a four-digit passcode and three days or more if a six-digit passcode is used. GrayKey's competitor Cellebrite has also launched its Universal Forensic Extraction Device (UFED) to law enforcement agencies, including a $ 558,000 contract signed in August with ICE, pursuant to a Freedom of Information Act request issued by Electronic Privacy Information Center (EPIC).
A request for a comment today from Apple was not returned immediately.
The UFED Cloud Analyzer Tool can unlock, decrypt and extract phone data including "real-time mobile data … call logs, contacts, calendars, SMS, MMS, media files, apps data, chats, passwords," according to the FOIA request.
The technology can also extract private information without password from private cloud-based accounts, such as Facebook, Gmail, iCloud, Dropbox and WhatsApp
In February it was reported Cellebrite found a way to encrypted iPhones unlock with iOS 11 and market the product to law enforcement agencies and private forensics companies around the world. According to a police order received by Forbes the US Department of Homeland Security had tested the technology. It was not immediately clear if the iOS 12 changes impacted Cellebrite technology.
Earlier this year, Grayshift appeared as another company that had developed a cheap black box that could unlock any iPhone; Motherboard reported that local and regional US police and the federal government had purchased the technology.
Grayshift is said to have hired a former Apple security engineer.
If the devices did not work, the police would not buy them  Nate Cardozo, a senior executive of the Electronic Frontier Foundation (EFF), a non-profit digital rights group, said earlier this year that he believes the reports the encryption of the iPhone had been cracked. Otherwise, law enforcement agencies would not buy hacking technology.
"The FBI snorted and puffed and said that we could not get into the iPhone, and then we found out that's not true … the literal night in court hearing [to decide the case] said Cardozo.
He referring to the investigation of San Bernardino gunman Syed Rizwan Farook, the FBI initially claimed it was unable to crack the code on an iPhone used by Farook.
The Department of Justice asked the courts to force Apple to: A judge granted the motion, but delayed the final decision until he heard arguments from both sides, and on the evening before a court hearing, the authorities announced that they had received help from an outside group. [19659002TheFBI'sattemptstopersuadeAppletodecrypttheiPhonewererejectedwithAppleclaimingthatintrusionintoaniPhonewassafeforeveryonewouldweakenothers
The news that two iPhone decryption methods were widely available to government agencies did not surprise the analysts who saw it as inevitable.
"There is no such thing as unbreakable encryption," said Jack Gold, principal analyst at J. Gold Associates. "The idea is to make it as hard as possible by adding code layers or long keys to decode them, but a determined decoder can crack it if you have enough tools and enough time."
The GrayKey box costs $ 15,000. This model is geofenced to a specific location and requires an Internet connection that allows up to 300 unlocks. There is also a $ 30,000 GrayKey model that can be used independently of the internet connection and offers an unlimited number of device unlocks according to motherboard .
Conversely, Cellebrite demands $ 5,000 to unlock a single iPhone Malwarebytes
EFF's Cardozo said consumers should not worry too much about iPhone cracking technology, as law enforcement agencies still receive a warrant issued by a court of law have to.
But those who deal with privacy rights should understand this once cracking technology becomes available, it is reasonable to believe that law enforcement agencies will not be the only ones to gain access.
"If you believe the only people are access to GrayKey or Celebrate, then I have a bridge to sell to you," Cardozo said.
Apple's early efforts to restrict access to law enforcement
Apple took steps to further restrict unauthorized access to locked iOS devices As a beta version of iOS 11.3, Apple introduced a feature called USB Restricted Mode.
Security software vendor Elcomsoft discovered the new feature, which was deeply embedded in the beta version of the documentation. The feature was apparently cut out of iOS 11.3 prior to release.
The documentation describes the new feature as a way to "improve security."
"For a locked iOS device to communicate with USB accessories, you need to connect accessories through the Lightning connector to the device when unlocked – or enter your device passcode during connection – at least once a week."
If an iOS device is not unlocked after seven days, the flash port of an iPhone or iPad no longer turns into a load port that blocks data connections at the USB interface level, according to Elcomsoft's description.
"The impact of Cellerbrite and GrayShift on unlocking techniques is not yet in sight," explains Elcomsoft in his blog post.
Just this week, Apple CEO Tim Cook repeated at a conference of European Data Protection Commissioners in Brussels, the company's efforts to protect the privacy of users.