Apple Just Killed The 'GrayKey' iPhone Passcode Hack

Apple's newest version of iOS has rendered the GrayKey hacking tech useless, a report said Wednesday. How Apple pulled it off wasn't immediately clear, but it would have a huge implication for the law enforcement agencies around the world that have relied on GrayKey to break into locked iPhones. Forbes reports: Apple has put up what may be an insurmountable wall. Multiple sources familiar with the GrayKey tech tell Forbes the device can no longer break the passcodes of any iPhone running iOS 12 or above. On those devices, GrayKey can only do what's called a "partial extraction," sources from the forensic community said. That means police using the tool can only draw out unencrypted files and some metadata, such as file sizes and folder structures.

Previously, GrayKey used "brute forcing" techniques to guess passcodes and had found a way to get around Apple's protections preventing such repeat guesses. But no more. And if it's impossible for GrayKey, which counts an ex-Apple security engineer among its founders, it's a safe assumption few can break iPhone passcodes. Police officer Captain John Sherwin of the Rochester Police Department in Minnesota said of the claim iOS 12 was preventing GrayKey from unlocking iPhones: "That's a fairly accurate assessment as to what we have experienced."

Go, Apple!

[TheFakeTimCook]

Apparently STILL the only phone OEM STILL looking out for the USER'S Privacy...

Re:Go, Apple!

[DigitAl56K]

Apparently STILL the only phone OEM STILL looking out for the USER'S Privacy...

Is that true?

Does anyone know how Pixel stands up against like tools?

Re:Go, Apple!

[Highdude702]

Its a phone made by google. I wouldn't bet too much on privacy. Who knows about encryption though..

Re:Go, Apple!

[known_coward_69]

last I read, only IOS had the entire file system encrypted

Re: Go, Apple!

[MachineShedFred]

Hilarious to see people bashing apple for positioning data security over fashion.

GTFO.

Re:Go, Apple!

Mayhap.

I'm thinking though (unfortunately), that Grabkey has another exploit sitting on the shelf, waiting. And since they probably get fed info from the NSA and Mossad and who knows else, in order to assist law enforcement via Grabkey.. they might have some nice pre-0-days waiting on that shelf.

If so, Apple might need to step it up a bit, in order to keep ahead of them. Not really blaming Apple here... but it might sadly be the truth.

Re: Go, Apple!

[saloomy]

The anonymous ass-hat is exhibiting confirmation bias. He can't believe in such an important decision like which $1000 phone to purchase, he made the wrong choice. He isn't mentally equipped to say "hmm, maybe I should have made a different choice. The other ones are far more concerned with my privacy than the one I chose."

He has no argument to stand on, so he throws feces around hoping no one will judge his bad decisions

Re:Go, Apple!

[Raistlin77]

It's Android. From Google. It was compromised before you even opened the box.

Re: Go, Apple!

Lol, i like how they use words like "insurmountable".

If it's patched in software, it's broken in software.

Even assuming that the article is true, the fact that you can still extract metadata on a locked device?!?

The vulnerability is still there. I have no idea why words like unbreakable were used when it's still a huge issue.

You should be able to get NOTHING out of a locked device asides from what kind of device it is ... and even then, that's being generous.

Android devices refuse to even appear on a computer unless the phone is unlocked, provide zero opportunity for even gathering metadata.

Re:Go, Apple!

[Riceballsan]

depends on who you are meaning privacy from. Microsoft is huge on handing things over to big G without permission, google historically gives the absolute minimum required by law. Google absolutely sucks at privacy in terms of what they keep for themselves, but for the most part they aren't eager to hand it out.

Re:Go, Apple!

[Highdude702]

Either... Unfortunately that sounds like most companies these days. Its hard out here in the streets of the interweb.

Re:Go, Apple!

No, they are just removing the competition. Apple wants you to believe your data is secure, while they exclusively mine your data.

Re:Go, Apple!

[Cmdln+Daco]

Its Closed Source. From Apple. And the iGadgets are known to send packets of encrypted data to Apple servers when linked to a wifi connection.

What's in the big packets? Who knows? It's encrypted.

You can trust Apple. You know you want to trust Apple. Just do it.

Re: Go, Apple!

Funny that they're able to extract information from it if the whole file system is encrypted.

Re:Go, Apple!

Your hysterically wrong. But keep shilling.

Re: Go, Apple!

Apple still collects user info/data [1], they just don't sell ads. The collected info is still at risk from court orders and hackers.

[1] https://www.google.ca/search?q=iphone+unlocked+touchid+times+per+day&oq=iphone+unlocked+touchid+times+per+day

Re:Go, Apple!

[TheFakeTimCook]

Apparently STILL the only phone OEM STILL looking out for the USER'S Privacy...

Is that true?

Does anyone know how Pixel stands up against like tools?

Well, considering there isn't such a tool for Android phones, I'd say that is your answer.

Re:Go, Apple!

[TheFakeTimCook]

Its Closed Source. From Apple. And the iGadgets are known to send packets of encrypted data to Apple servers when linked to a wifi connection.

What's in the big packets? Who knows? It's encrypted.

You can trust Apple. You know you want to trust Apple. Just do it.

What "big packets?

Define "Big"

Define the frequency.

I'll wait.

Re:Go, Apple!

Already bypassed.

Re:Go, Apple!

[Paradise+Pete]

You can trust Apple. You know you want to trust Apple. Just do it.

Of course you can't trust them. But you can distrust them less.

Re: Go, Apple!

[sg_oneill]

It's an option. Some users prefer not to so as to parse backups for files. Or at least it used to be, not sure now

Re:Go, Apple!

[AmiMoJo]

Are there any high end phones that aren't encrypted by default now? Has anyone cracked the latest Galaxy S or Pixel phones?

Apple is obviously the biggest target and thus gets the most attention from crackers.

Re:Go, Apple!

[pgmrdlm]

Starting with iOS 4, Apple included a âoedata protectionâ feature to encrypt all data stored a device. But unlike Android, Apple doesn't use the full-disk encryption paradigm. Instead, they employ a file-based encryption approach that individually encrypts each file on the device.Nov 24, 2016

https://www.google.com/search?q=does+android+encrypt+file+system&ie=utf-8&oe=utf-8&client=firefox-b-1

Re:Go, Apple!

When is the last time you read about the FBI taking an Android manufacturer to court because they could not break into the phone? That's right, you haven't, because the FBI has never had the need.

Re:Go, Apple!

[TheFakeTimCook]

Are there any high end phones that aren't encrypted by default now? Has anyone cracked the latest Galaxy S or Pixel phones?

Apple is obviously the biggest target and thus gets the most attention from crackers.

Doesn't that statement fly directly in the face of all you Slashtards CONSTANTLY crowing about how ANDROID has the most marketshare, and thus would also be the BIGGEST TARGET?

You idiots are just like Trump: You'll say ANYTHING to advance whatever LIE du jour...

Re:Go, Apple!

[AmiMoJo]

iPhones are the most common type of phone that law enforcement are likely to encounter, simply because there are so few models and they all share common software. After that it's probably Samsung Galaxy phones.

Overall Android is the large majority of the market, but there are so many different handsets all with different techniques needed to unlock them, if it can be done at all...

Re:Go, Apple!

Or it may be that, at least in the US, Android is typically used by those "nerdy types", while Apple is used by non-tech people. Most criminals are probably going to be non-tech types, and thus more likely to use Apple. But hey, who doesn't love a good conspiracy theory.

Re:Go, Apple!

[TheFakeTimCook]

iPhones are the most common type of phone that law enforcement are likely to encounter, simply because there are so few models and they all share common software. After that it's probably Samsung Galaxy phones.

Overall Android is the large majority of the market, but there are so many different handsets all with different techniques needed to unlock them, if it can be done at all...

Nice try.

Bullshit.

Re:Go, Apple!

lol - no such thing as privacy on the internet or in public.

In the end, however, won't matter - as greykey can still get filenames and some metadata. Any of which points to a crime being committed makes it easier for them to get a judge to tell the owner to unlock the phone or be held in contempt.

Re:Go, Apple!

[AmiMoJo]

https://deviceatlas.com/blog/m...

Top 9 best selling phones in the US are iPhones.

Re:Go, Apple!

[TheFakeTimCook]

https://deviceatlas.com/blog/m...

Top 9 best selling phones in the US are iPhones.

Fascinating to see you try to refute the attitude of all Fandroids on Slashdot... When it suits your purposes.

Re:Go, Apple!

[TheFakeTimCook]

Starting with iOS 4, Apple included a âoedata protectionâ feature to encrypt all data stored a device. But unlike Android, Apple doesn't use the full-disk encryption paradigm. Instead, they employ a file-based encryption approach that individually encrypts each file on the device.Nov 24, 2016

https://www.google.com/search?...

Yep, that's an option in APFS, which iOS uses.

Re:Go, Apple!

I wouldn't trust a Pixel phone to be able to stand up to GOOGLE.

Given that FBI types tend to have a corrupt judge on speed dial, a lawful warrant is never more than a phone call away. "Ah, I see you have a lawful warrant. Let me just remotely unlock that pho- There you go, done. While I'm at it, here's a link to everything we have on file. It's about 15 gigs worth of info so I can't just email it do you."

For now

For now.

Re:For now

[Joe_Dragon]

till the find the china backdoor that apple put in.

Re:For now

[bob4u2c]

Exactly. You want a secure phone that nobody can hack, they don't exist!

Whenever you save or do something on your phone, take a moment to think: can this be used against me? If it can, don't save or do it!

And just to throw the police off create a bunch of files like "masterUSPlan.doc" with nothing but wombat images. Then when asked about the "wombats" you know they have dug into your phone and you can tell them all about how wombats have ruined your life.

Re:For now

[SuperKendall]

As opposed to the wide-open China front door that Google put in Android.

Re: For now

[StikyPad]

Fuck, man, how did you know about the wombats??? Are you working for them? They're INSIDE THE HOUSE now. I can hear them in the walls. Nobody believes me!!

They didn't render it 'useless'

They rendered it obsolete. It has merely been depreciated for something new and improved.

Good!

I don't like apple, but at least there is a company that is willing to stand up for privacy and encryption.

Still pretty useful to police

[SuperKendall]

It still could be useful to pull out some un-encrypted content - I think maybe recent photos would not be encrypted for example, and any app that did not specify to encrypt app storage with app not active would not have encrypted databases either (though many do).

Not sure if the contact database would be encrypted, but probably...

Re:Still pretty useful to police

No, all "content" is encrypted. It's the meta data (file sizes, folder structure) that is unencrypted.

No photos, videos, etc, are left unencrypted.

Re:Still pretty useful to police

Actually, the article is likely a bit off about that. The iPhone uses encrypted APFS, you shouldn't be able to get much other than "yep, there's a file system there".

Re: Still pretty useful to police

[MachineShedFred]

When you activate a PIN / Touch ID / FaceID it uses the computed has as an encryption key for the entire user filesystem. Everything gets encrypted, and has for years.

Re: Still pretty useful to police

[saloomy]

No, not exactly. But close.

Those hashes are used to reverse a hash of a master key for your system which unlocks the file system. That way, both that hash and your pin code work. You need a master key, and then your authentication vectors re-encrypt the master key. You therefore have multiple avenues of logging in and authenticating, because each way provides you with a key you can unlock

Re:Still pretty useful to police

For 6+ year, everything on iOS is encrypted all the time and you can't turn it off.

All that changes is policy around how the key material is managed - some of that policy is mandatory access controls and some of it is discretionary.

Re: Still pretty useful to police

Apple just needs to add a delay loop, or costly computation, and also present a false file structure for wrong keys, that when used, add wait out periods. That will slow them.

Re:Still pretty useful to police

[gnasher719]

No, all "content" is encrypted. It's the meta data (file sizes, folder structure) that is unencrypted.

Everything is encrypted at least with a key built into the CPU, and a key stored on the flash drive. The key on the flash drive means that the whole iPhone can be erased in a millisecond by erasing that key. _Most_ things use the passcode as an additional key.

Things that don't use the passcode are those that Apple wants to be available even if you don't unlock your phone. For example, you can _take_ photos without unlocking the phone, and those photos could be extracted until you unlock your phone and then they get encrypted. Photos taken while the phone is unlocked are encrypted immediately.

Welcome!

[bmimatt]

Today's edition of slashdot: "Everything mobile - phone edition"

Re:Welcome!

Nobody uses desktop computers anymore, grandpa.

Re:Welcome!

[Cmdln+Daco]

Only the people in charge use desktop computers, junior.

Including the people who write the 'apps' they allow you to run on your little gadgets.

Re:Welcome!

OK Uncle Bob, we've moved onto tablets with keyboards!

THERE WILL BE CONSEQUENCES FOR YOUR LIES KEN DOLL

THERE WILL BE CONSEQUENCES FOR YOUR LIES KEN DOLL

Filter error: Don't use so many caps. It's like YELLING.

THERE WILL BE CONSEQUENCES FOR YOUR LIES KEN DOLL

THERE WILL BE CONSEQUENCES FOR YOUR LIES KEN DOLL

Filter error: Don't use so many caps. It's like YELLING

Don't forget about the baseband

I couldn't give a shit about what security features an operating system claims to offer when I own the baseband...

Re: Don't forget about the baseband

Owned baseband still can't access encrypted user storage without the OS letting it, and that's what the LEOs want.

Is GreyKey stopped at that level, that is question

[SuperKendall]

Actually, the article is likely a bit off about that. The iPhone uses encrypted APFS, you shouldn't be able to get much other than "yep, there's a file system there".

What I was getting at is that I thought GreyKey was still getting past the basic whole file system encryption, but that it was stymied getting to individual app files that had been encrypted until the app opened...

That's how I read it anyway, otherwise why even bother to mention GreyKey could "still access unencrypted files" if it couldn't even get to the filesystem? It implies it can see some files at all.

Could just be bad wording on the part of the summary or article but the fact it mentions files makes me suspect it can still get into the filesystem.

They also fixed "noisy wired headphones" issue

Maybe related to this improvement.... I noticed that my earbuds no longer initiate "voice command" when they produce static... This previously was listed as "unfixable" on the support.apple.com forum. Basically... the voice command interrupt was only fixed by replacing the earbuds. That's no longer the case... you can plug in staticful wired earbuds and nada... coincidence?

If I were a tech savvy terrorist

[taustin]

I'd be wondering right now whether they actually can't crack my iPhone, or if they're just saying that so that I will keep using it, thinking it's "safe."

Re: If I were a tech savvy terrorist

Wait a few weeks, they'll reactivate greykey. Soon enough.

Adding these padding months provide delay discovery

Re:If I were a tech savvy terrorist

If you were a tech-savvy terrorist then you would just use some generic encryption program instead of trusting some OS and hardware to do things automatically for you. MS-DOS is a good enough OS as long as you remember to use PGP.

Re:If I were a tech savvy terrorist

[Cmdln+Daco]

MS-DOS isn't really good enough, because the communications has to sit somewhere on the machine queued up for the PGP program to encrypt.

Re: If I were a tech savvy terrorist

This could be theoretically fixed by creating a smart charging cable for the iPhone. When you pair your charger with your iPhone the first time, it creates a key pair that still requires a passphrase, whatever so as to prevent thieves or others from accessing your phone. Any other charger will render the device erased and ready for re-setup, I for one would use it since I don't share chargers with anyone. If the charger has been tampered with, you cannot use it, the iPhone will reject it and you must pair another once the phone is unlocked.

Re:If I were a tech savvy terrorist

[stealth_finger]

I'd be wondering right now whether they actually can't crack my iPhone, or if they're just saying that so that I will keep using it, thinking it's "safe."

If I were a terrorist I wouldn't be keeping anything on my phone, i or otherwise.

Re: If I were a tech savvy terrorist

i have ipv6-compatible ethernet cables that do this. very secure.

Re:If I were a tech savvy terrorist

[Dixie_Flatline]

If you were a tech savvy terrorist, you would've started using a much longer passcode a long time ago. The system only worked quickly on 4-digit passcodes (6.5 minutes), and 6-digit codes were reportedly up to 11 hours, which is 660 minutes or 10 times longer. Even if we assume that simple pattern held (every 2 digits increases the time by a factor of 10), a 10 digit code would be 1100 hours or 45 days, and a 14 digit code would be 12.5 years. In all likelihood, the rate of increase was considerably worse than that.

Really, this system only worked on complete dummies that were doing crime with a phone that just came out of the box. They deserved to get caught.

Re:Is GreyKey stopped at that level, that is quest

Nope. Of course goosesteppers like yourself can still hope.

Re:Let's keep the bombers secure

[fattmatt]

LOL

Already blocked since iOS 11.4.1?

[manu0601]

I thought they already addressed Graykey in iOS 11.4.1

Re:Already blocked since iOS 11.4.1?

And from what I've read, GK cannot really handle passwords over 12 characters w/o it taking forever and a day to crack them. 6 is the bare minimum. 12+ is recommended.

Re: Let's keep the bombers secure

Too bad. The phone can't tell the difference. So you can have security, or you can pretend that accessing a phone in the physical possession of police has ever or will ever lead to the prevention of any kind of terrorist attack.

I know which one I'll choose, and it's not letting cops have access to anything they want. I'm giving up absolutely nothing and gaining more freedom. You would give up freedom to gain nothing.

Re:Is GreyKey stopped at that level, that is quest

[tlhIngan]

What I was getting at is that I thought GreyKey was still getting past the basic whole file system encryption, but that it was stymied getting to individual app files that had been encrypted until the app opened...

That's how I read it anyway, otherwise why even bother to mention GreyKey could "still access unencrypted files" if it couldn't even get to the filesystem? It implies it can see some files at all.

Could just be bad wording on the part of the summary or article but the fact it mentions files makes me suspect it can still get into the filesystem.

That's because people assume GrayKey is a magical box that you plug in and have full access to the device. It's not even close to how it works.

First, it basically does a tethered jailbreak - and injects a special app because of it. (Jailbroken apps have full access to the system - that's the original meaning of the "jailbreak" - the app could break out of the OS jail it was put in to run). This app uses those abilities to crack the device PIN. Once the PIN is broken you take the phone and connect it to a PC and use it download all the data.

What happened now is Apple changed things around that it can no longer crack the PIN - so either Apple patched the flaw that lead to the jailbreak, or fixed things that the injected app can't do the PIN search anymore. Thus the injected app only has the permissions a regular app has and access to whatever the OS allows it. Those are the limited "unencrypted" files. Likely it also cannot access the screen and thus you cannot answer the "App wants permission to access photos" dialogs as well to access photos.

MORE THEATRE FOR THE MASSES

More propaganda for the mass of couch potatoes.

Next your be telling me Obama got the Nobel Peace Prize.

Re: THERE WILL BE CONSEQUENCES FOR YOUR LIES KEN D

Barbie: No means NO. #metoo

Re:Is GreyKey stopped at that level, that is quest

[gnasher719]

What I was getting at is that I thought GreyKey was still getting past the basic whole file system encryption, but that it was stymied getting to individual app files that had been encrypted until the app opened...

Nobody ever got past the encryption. People managed to find the passcode - and if you have the passcode then you can unlock the phone and access all the files on it.

Finding the passcode could be done in theory by trying out all passcodes. Apple prevents this or tries to prevent this by making you wait longer until you can try another passcode; more than an hour after ten attempts. Or you can set up your phone to erase everything after ten wrong attempts. _That_ protection is what they got around.

But you can protect your phone: Trying a passcode takes 80 milliseconds _even if you got around any protection that Apple puts into place_. With a 6 digit passcode, that's a million combinations, it takes 80ms times a million to try all combinations, that's a bit less than a day. So you take ten digits, or eight letters and digits, and nobody can get in in your life time, independent of what Apple is doing.

Of course what they are doing now makes sure that you cannot even crack a phone with a 4 digit code.

Bad Times at the El Royale

[itguy01]

I guess now they have to follow the law and get warrants. This is one of many reasons I am an Apple customer, they have their customers backs and want to make sure they deliver a secure, reliable product.

Re: THERE WILL BE CONSEQUENCES FOR YOUR LIES KEN D

So "no means no" but then you say "pound me too". Talk about mixed signals..

But if they have physical access of the phone

Something I've never quite understood in all these stories. If someone has physical access to the phone that means they can theoretically bypass the phone itself and connect directly to the storage media. Then, if you know for example the length of the possible password, and have reverse engineered the code the phone itself uses to access encrypted data (or even have access to the phone's original source code), can't you just build a tool that brute force applies passwords and reads data from the storage media until the data is apparently valid?

I get where the phone's OS starts imposing longer and longer times between invalid passwords, but if you're not using the phone's OS for access, then the only thing stopping the access is the encryption itself.

What am I missing here?

Re:But if they have physical access of the phone

[andymadigan]

I think the PIN/password is used to access the master key, which is kept in the Secure Element in the CPU silicon. The master key has far more possible values than the PIN - probably 256-bit. The Secure Element is presumably designed to make it impossible to directly extract the master key.

So, when iOS wants to decrypt the hard drive it first has to retrieve the master key using the PIN.

Re:Is GreyKey stopped at that level, that is quest

[SuperKendall]

Thanks, I wasn't sure just what GreyKey was doing. Then I guess the idea they could "access unencrypted files" is just totally wrong, as there are none without a filesystem...