A tiny US company called Grayshift is reportedly quietly touting software it claims can unlock Apple’s flagship handsets, the iPhone X and 8.
This follows a similar claim by Israeli company Cellebrite last week which, it later emerged, was good for every iPhone up to the latest version of iOS, 11.2.6.
That’s two iOS unlocking stories in a few days, both based on anonymous sources talking to the same journalist.
Naked Security has already looked at the Cellebrite claims, so how does this latest one stack up?
The important questions: under what conditions can unlocking be achieved, how was it achieved in the first place, and what might Apple do in response.
According to Grayshift’s reported marketing materials, the iPhone X and 8 unlock tool is called GrayKey, which costs $15,000 for the 300-use online version or double that for unlimited use offline.
In addition to unlocking iOS 11, the company says the tool can also tackle iOS 10 devices, with support for iOS 9 not far off, which puts it on par with Cellebrite.
The story’s details aren’t crystal clear but the phrase “unlocking” appears to mean what one would assume – access to data stored on the device.
If the claims are true, it’s possible they’ve found a way around Apple’s Secure Enclave, a system-within-a-system chip introduced with the iPhone 5s onwards to secure encryption keys independently of the OS itself.
Researchers have speculated about how this might be attacked in the past but it would probably require more than simply firing up an unknown iOS-themed exploit or two.
It is also not clear how much of a barrier Apple’s passcode restrictions might still be (i.e. wiping the device after 10 incorrect passcodes, increasing the time between guesses) to GrayKey customers.
Intriguingly, GrayShift claims its software will work against disabled iPhones, which is one of the states an iPhone can enter if a passcode is entered incorrectly too many times.
It appears that as long as they have physical access to an Apple device and enough time, the FBI (and presumably other agencies), can probably find a way to access its data some or most of the time.
This is not something criminals could use against Apple users for a remote compromise. Until more details emerge it’s impossible to be more specific than that.
Meanwhile, as suggested in our previous look at this story, setting a passcode longer than six digits is always a good idea.
The next part of this story will centre around how long Cellebrite and Grayshift will be able to keep secret any vulnerabilities they’ve found in Apple’s security.
Most likely, someone will either discover and publish the vulnerabilities independently, or Apple will get wind of them by other means.
Source : Naked Security