Documents that have surfaced indicate that the Graykey iPhone hacking tool can achieve “partial” access to iPhone 16 models, but this capability doesn’t extend to devices that are utilizing any of the iOS 18 beta versions.
Graykey serves as a competitor to Cellebrite and is designed specifically for law enforcement use. While previous leaks have revealed information about Cellebrite’s tools, this is the first instance we have come across detailing Graykey’s device access capabilities…
Cellebrite and Graykey
The two companies both produce comparable systems—hardware units and PC applications that connect to locked iPhones and exploit various vulnerabilities to retrieve data. Graykey is developed by Grayshift, which has recently rebranded to Magnet Forensics.
Cellebrite and Magnet acquire zero-day vulnerabilities from hackers who have identified security weaknesses that Apple is unaware of.
There’s an ongoing struggle between black-hat hackers, who aim to find and sell vulnerabilities for profit, and Apple along with the security researcher community, who work to identify and patch these exploits.
Both hacking firms provide their clients with compatibility tables indicating which devices can be accessed. Several instances of Cellebrite’s tables being leaked have occurred, the most recent being in July of this year. At that time, the company faced challenges unlocking most iPhones operating on iOS 17.4 or later, although the situation may have since evolved.
We have not had access to compatibility data for Graykey up until this point.
Graykey can ‘partially’ access iPhone 16 models
Apple consistently works to enhance both hardware and software security, which means the devices susceptible to these tools depend on both the iPhone model and the version of iOS it is using.
404Media has obtained documents regarding Graykey, indicating that the tool can acquire full access to iPhone 11 and “partial” access to iPhone models ranging from 12 to 16. This points to the significant hardware limitations being established by Apple starting with the iPhone 12.
The source did not acquire documents that specify the precise capabilities accessible through Graykey, leaving the meaning of “partial” unclear. It could be limited to unencrypted files or metadata for encrypted ones.
It’s important to mention that a recent update from Apple now places iPhones into a Before First Unlock (BFU) state after four days of inactivity. Once in BFU mode, all user data becomes encrypted, thereby providing law enforcement with a very narrow timeframe to respond.
All current betas defeat Graykey
The table acquired by 404Media indicates that Graykey is unable to gain any access whatsoever to even older iPhones running any of the iOS 18 beta releases. The access capabilities listed are “none” for all devices operating on any of these beta versions.
However, as the site points out, it remains uncertain whether Magnet has been actively working to breach the beta protections without success, or if the lack of sufficient resources makes it unjustifiable to pursue.
How to protect your iPhone
It’s essential to realize that both Cellebrite and Graykey tools necessitate physical access to your device, and each company asserts that they exclusively sell to law enforcement entities, resulting in very minimal risks.
Generally, the most effective way to guard against any vulnerability is to maintain your devices on the latest version of iOS—whether it be release or beta.
Keep in mind that while this is typically the best approach, there are rare occasions where newly introduced vulnerabilities may arise. This was evident in the case of the iPad mini 5, where models running iPadOS 18.0 provided only partial access, while those on iPadOS 18.0.1 allowed for full access.
Image: Magnet Forensics
FTC: We use income earning auto affiliate links. More.
