Grayshift Says It Already Beat Down And Cracked Apple's iOS 12 USB Restricted Mode

Apple wants to make it harder for anyone to gain unauthorized access to iPhones with a new USB Restricted Mode in iOS 12. That move infuriated law enforcement as it meant that the GrayKey iPhone hacking tool (and others from Cellebrite) used by authorities to crack iPhones would be useless. Grayshift, the company behind GrayKey, didn’t take Apple's new restrictions lying down.
iphone 52

Grayshift went on the offensive and has been actively working to crack Apple's new USB Restricted Mode, and the company is now claiming victory. If you haven’t been following USB Restricted Mode, the feature locks out USB accessories from communicating with an iPhone if the device hasn't been unlocked within the past hour.

That effectively blocks any data transfer to or from a USB accessory, such as GrayKey, if the iPhone hasn't been recently unlocked. This would mean that law enforcement trying to access the phone as part of a legal investigation would have to tap into an iPhone almost immediately. What they need to do in the case of the GrayKey device is brute force the password in an hour, something that is unlikely to happen.

grayshift graykey
Grayshift GreyKey iPhone hacking box

Grayshift confirmed that it had been able to bypass this restriction in an email published by Motherboard. The email states, "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on."

Grayshift isn’t offering any detail on how it was able to defeat the feature. You can bet with word of the defeat making the rounds that Apple will be working on its end to figure out what happened. Apple maintains that it didn’t design the USB Restricted Mode feature to specifically thwart law enforcement.

"We're constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data," Apple said in a statement. "We have the greatest respect for law enforcement, and we don't design our security improvements to frustrate their efforts to do their jobs."

(Image courtesy MalwareBytes)