Shifting the balance of the encryption battle back in Apple's favor, iOS 12 has reportedly disrupted one of the most popular digital forensics tools, Grayshift's GrayKey.
Grayshift's GrayKey device | Source: MalwareBytes
GrayKey is unable to crack the passcodes of iPhones running the new software, sources in the forensic industry told Forbes. The only possibility is a "partial extraction," meaning the downloading of unencrypted files and metadata such as filesizes and folder structures.
It's even unclear what Apple did to improve security. "It could be everything from better kernel protection to stronger configuration-profile installation restrictions," said Elcomsoft's Vladimir Katalov.
The GrayKey hardware uses a form of "brute forcing" to run through iPhone passwords, and with previous iOS releases was somehow able to defeat Apple's safeguards against the tactic. It's now in use with law enforcement in multiple countries, including the U.S. and the U.K.
Apple and Grayshift have been engaged in a never-ending race to defeat each other's technology. In June for example Grayshift was quick to announce that it had already bypassed iOS 12's USB Restricted Mode, which, once a certain amount of time has elapsed, prevents devices from connecting to an iPhone or iPad without a user login.
Around the world, police and spy agencies have worried about communications "going dark," arguing that full-disk and end-to-end encryption methods are allowing terrorists and other criminals to operate outside their reach. Apple, other tech companies, and various activist groups have countered that people have a right to privacy, and that creating government backdoors would weaken security and leave people vulnerable to hacks.
At an event in Brussels on Wednesday, Apple CEO Tim Cook called security "foundational to trust and all other privacy rights," and pushed for a U.S. privacy law that would better anonymize data collection and give people more control over their information.