'Graykey' Tool Used by Law Enforcement Can Only Partially Unlock iOS 18 Devices

[Jamie0003]

So glad Apple actively works to keep us safer than most.

Sure as long as it doesn’t hurt their profits. Them selling ads is worrying though

 

[foobarbaz]

Why doesn't law enforcement just get a warrant or whatever and give it to Apple to allow them to get into the phone? I believe Apple complies with these requests.

You're thinking of iCloud, not iPhones.

 

[wanha]

Why doesn't law enforcement just get a warrant or whatever and give it to Apple to allow them to get into the phone? I believe Apple complies with these requests.

Because not even Apple can get into the phone. It's like this by design. iCloud backups are a different story.

 

[wanha]

The one that demands a back door to phones? Everyone, unfortunately, has their idea of rights.

lol what?

It's like someone saying "we need legislation for the environment" and you replying "the one that demands that you can do whatever you want with the environment?"

 

[Fred Zed]

@DocMultimedia lmao what kind of insane pole-vault was that from the original comment? did you not infer that maybe @DrJR was alluding to a digital rights bill that advocates for the exact opposite of what you just described? this reeks of bad-faith/strawmanning/general foolishness

anyway, yeah, a digital privacy bill is DESPERATELY overdue in the U.S.—looking forward to seeing our next administration not care whatsoever though! Musky man gotta get that data for his self-driving cars, what better a proxy than this country’s commander-in-chief 🤠

Indeed. Also getting your mate to ban the competition from entering your market. Oh wait he did that once with Huawei. Those pesky Chinese spy phones 😉😂BS.

 

[uacd]

Disagree because you have choices. Nobody is forcing anyone to do anything or use anything.

Sure. But there are not so many choices at all in modern world. Companies must provide users with all the tools, not the small fraction of those. I will probably switch sides this time and go with Galaxy but as much as I want to there are things holding me on iOS such as facetime, airplay, airdrop etc

 

[Treq]

Why doesn't law enforcement just get a warrant or whatever and give it to Apple to allow them to get into the phone? I believe Apple complies with these requests.

If law enforcement is doing this without a warrant they are violating the constitution.

 

[TechWhisperer]

Privacy is honestly just a myth at this point. With all the data collection, surveillance, and how much we share online, it feels like true privacy doesn’t even exist anymore and it’s pretty worrisome tbh.

 

[nt5672]

Apple has repeatedly demonstrated that they don't hold the keys. iPhones are end-to-end encrypted.

If that was true then the phone would ask me to create a secure key that only I know. It does not, therefore Apple knows the keys, or how the keys are generated. In either case, they know or can find out.

 

[jasonsmith_88]

Privacy is honestly just a myth at this point. With all the data collection, surveillance, and how much we share online, it feels like true privacy doesn’t even exist anymore and it’s pretty worrisome tbh.

Worth noting that in a matter of months, all social media platforms will need to collect ID documents from Australian citizens for “age verification purposes” because there is currently no other way to verify age, and the PM wants to ban under 16s from social media prior to any technology being invented that can do this while maintaining privacy.

 

[JitteryJimmy]

Graykey, a forensics tool used by law enforcement officials to break into locked iPhones [...]

It's also used by criminals to break into people's phones, so it is important to lock this down.

 

[laptech]

People are very guidable if they believe a company who designed and developed security functions and features for their products goes around telling everyone they do not know how to break into their own security. It's laughable.

I worked in the mobile phone industry for 13 years which is why I say what Apple is saying to everyone about security is laughable.

 

[IIGS User]

I remember when courts were prosecuting people for making software that could rip a CD. There were even federal laws that criminalized circumventing encrypted media.

But apparently using software to hack into an encrypted iPhone is totally legal!

If it's done with judicial approval, it is in fact legal. Circumventing copyright protection to defraud actors and artists from being paid for their work is theft. Few people I know want to work for free. Content producers/providers deserve to be paid for their talents and creativity. Accessing a device with judicial approval and review is a totally different legal animal.

Why doesn't law enforcement just get a warrant or whatever and give it to Apple to allow them to get into the phone? I believe Apple complies with these requests.

Well, Apple certainly has plausible deniability don't they? Even with a warrant, Apple claims they can't access the phone. They do a good job of keeping the clothes on this emperor for sure.

But in the end any lock, or piece of "security" that is created by humans can be circumvented by smarter humans, or humans with more time/resources. No lock is un pickable. No safe un crackable, no vault impenetrable.

All these layers of security do is buy time and introduce a "hassle factor" that makes it difficult to obtain information.

But if you expect total operational security, the only true security is the inside of your head. As the old saying goes.

"Three people can keep a secret, if two of them are dead".

 

[GuilleA]

is 4-digit even allowed? I thought it was 6. I use a 12-character alphanumeric passcode, so I guess that will take significantly longer.

 

[GuilleA]

I believe that Apple have designed the thing so they can't comply to the request.

Because you are describing a backdoor. If Apple had any method of breaking into or disabling security on a device, it would be a breach of trust difficult to rebuild.

 

[supergt]

And we’re not hearing much from the jailbreaking crowd either these days.

That's because Apple has made it very difficult to jailbreak requiring multiple exploits on newer devices. It now takes years to jailbreak any iOS version.

 

[benwiggy]

If that was true then the phone would ask me to create a secure key that only I know. It does not, therefore Apple knows the keys, or how the keys are generated. In either case, they know or can find out.

No. An encryption key is not the same as a password.

Here's the EFF's guide to encryption.

How to: Encrypt Your iPhone

In response to the U.K.’s demands for a backdoor, Apple has stopped offering users in the U.K. Advanced Data Protection. If you are in the U.K. you will only be able to use Standard Data Protection. Encrypting the data on your iPhone isn't as simple as creating a password. Since...

ssd.eff.org

Also see here for Apple's battle with the FBI on encryption.

Apple–FBI encryption dispute - Wikipedia

en.wikipedia.org

 

[delsoul]

Apple should just build in a fail safe where if it detects tools like this it automatically wipes the entire phone, bleachbit Hillary Clinton style 👏

 

[jvchappy]

I love that Apple security engineers almost see this as a game and are coming up with super creative ways to thwart device access by govt

 

[now i see it]

Doesn’t matter what anyone tells you whether an iPhone can be forcibly unlocked or not.
We’ve been told that the iPhone is secure for 10 years and now we hear all iPhones are not.

Bottom line:
There are tools available that can unlock any iPhone on any OS, and to think otherwise is extremely foolish

 

[nt5672]

No. An encryption key is not the same as a password.

Of course, but anyone that knows the encryption key has access to the data. If I don't have the encryption key, then Apple does. Now Apple may claim that they cannot get to it and that it is randomly created, but that does not mean that Apple, which has full authority over my phone, cannot write code to get it.

The encryption key has to be stored someplace. And all someplace on my phone are accessible by Apple. So common sense negates your argument. Apple simply has not been transparent in this regard. Yes, I agree Apple marketing says it is so. But I also know that marketing often stretches the truth or outright lies when told too.

 

[splifingate]

is 4-digit even allowed? I thought it was 6. I use a 12-character alphanumeric passcode, so I guess that will take significantly longer.

Yeah; I went long-alpha-numeric years ago . . . a real pain in the buffer, but it helps make me feel better

 

[adib]

That's a great point. The programmer of DVD Decrypter on of the greatest rippers got into trouble figuring out the encryption scheme on cds and dvds. Having any government do the same for phones, infrastructure, webcams, tvs etc. gets a big yawn nowadays.

It's all about power. The parties that published DVDs have money-power and sponsored the suits on small software shops writing DVD decrypters.

DVD decryption keys are embedded in DVD players and can be extracted from them. Similar to Apple's App Store decryption keys stored in iOS devices. Hence, iOS app decryption software (and services) are available.

 

[adib]

lol what?

It's like someone saying "we need legislation for the environment" and you replying "the one that demands that you can do whatever you want with the environment?"

The "back door" of iOS devices lies in their backups. It's by design.

 

[benwiggy]

The encryption key has to be stored someplace. And all someplace on my phone are accessible by Apple. So common sense negates your argument

No. Not even Apple can access the key. That's the whole point. If you can prove otherwise, it would be headline news, and you could probably make a career out of it. And bear in mind that very clever people are testing the security of Apple's phones, for good or evil, every day.

Sadly, common sense is rarely common. Or sensible.