Apple’s iOS 12 can reportedly defeat passcode-hacking GrayKey box

null

Apple has, historically, never supported the idea of law enforcement accessing data stored on iPhones to help with criminal investigations. The Cupertino firm reasserted that view by adding a USB Restricted Mode when it released iOS 11.14 earlier this year.

This update disabled the Lightning port’s data functions (restricting it for charging purposes only) if an iPhone  hasn’t been unlocked in seven days, thus preventing data stored on the device from being harvested.

It was an attempt to keep tools like the GrayKey box from unlocking an iPhone. Exclusively sold to law enforcement, the GrayKey tool plugs into an Apple device’s Lightning port and is somehow able to circumvent the iPhone’s passcode to gain access to the data stored on the handset.

The failsafe, however, wasn't foolproof, with security researchers finding ways and means of getting around the security measure and unlocking data. As a result, USB Restricted Mode was further tightened with iOS 11.14.1, which shortened the unlock window from seven days to just one hour. 

Keep out

Forbes reports that iOS 12 almost completely stops GrayKey from retrieving an entire iPhone’s worth of data. Instead, it’s able to get only a "partial extraction".

This was confirmed by a police chief who said, "That’s a fairly accurate assessment as to what we have experienced."

It is, however, unclear what precise changes Apple has made to its mobile operating system to beef up security on an iPhone. According to a security expert speaking to Forbes, "it could be everything from better kernel protection to stronger configuration-profile installation restrictions".

Apple has been playing a game of cat and mouse with GrayShift, the company behind GrayKey, for a while now, and has never shied away from asserting its stance on privacy. The Cupertino firm has strongly criticized Australia’s proposed decryption law, calling it "dangerously ambiguous" and "alarming to every Australian", and that "this is no time to weaken encryption". 

Tim Cook has also spoken out publicly about the importance of privacy. Speaking at the 40th International Conference of Data Protection & Privacy Commissioners, he said that "our own information is being weaponized against us with military efficiency", affecting not just the individual, but entire societies as well.