Nov 21, 2024 06:00:00

Graykey, a smartphone unlocking tool used by law enforcement agencies, can retrieve partial data from an iPhone 16 running iOS 18

Graykey , a smartphone unlocking tool, is used by law enforcement agencies around the world to conduct criminal investigations. Documents obtained by 404 Media, an overseas media outlet, revealed that Graykey can also obtain 'partial data' from the iPhone 16 series equipped with iOS 18 , which will be released in 2024.

Leaked Documents Show What Phones Secretive Tech 'Graykey' Can Unlock
https://www.404media.co/leaked-documents-show-what-phones-secretive-tech-graykey-can-unlock-2/

'Graykey' Tool Used by Law Enforcement Can Only Partially Unlock iOS 18 Devices - MacRumors
https://www.macrumors.com/2024/11/19/graykey-ios-18-partial-unlock/

What Graykey iPhone hack tool can unlock
https://appleinsider.com/articles/24/11/19/leak-what-law-enforcement-can-unlock-with-the-graykey-iphone-hacking-tool

Huge leak reveals what iPhones and Androids the secretive tech tool Graykey can unlock - Neowin
https://www.neowin.net/news/huge-leak-reveals-what-iphones-and-androids-the-secretive-tech-tool-graykey-can-unlock/

Graykey is a smartphone unlocking tool developed by the American venture Grayshift, and it was reported that the US State Department purchased Graykey in 2018. At the time of writing, Grayshift is owned by digital forensics company Magnet Forensics .

Magnet Forensics has shared very little information about Graykey, including details about what types of smartphones it can unlock and what operating systems it supports.

This time, 404 Media obtained a document that explains the secret Graykey's functions and released the contents. The table below shows the types of iPhones and OS that Graykey can unlock. It is said that 'Partial' data can be obtained from iPhone 12 to 16 series if the device is equipped with iOS 18.0 or iOS 18.0.1. On the other hand, for iPhones equipped with the beta version of iOS 18.1 , which was just released on October 28, the data is all 'None.'

by 404 Media

Data extraction from Android smartphones varies by device and manufacturer. For example, Google's Pixel 9 smartphone can retrieve 'partial' data if it is in the 'After First Unlock' (AFU) state, which means it has been unlocked at least once since being turned on.

It's unclear what 'partial' data means, but Graykey could potentially allow law enforcement to obtain unencrypted files, file size information, folder structures, and more.

The leaked documents shed light on the cat-and-mouse game between digital forensic companies exploiting smartphone vulnerabilities and tech companies trying to plug security holes. For example, iOS 18.1 includes a ' restart on inactivity ' feature that automatically restarts a locked iPhone after a certain period of time. The purpose of this is to turn off biometric authentication by releasing the AFU state and returning to 'Before First Unlock' to improve the security of the device.

Reverse engineering reveals the mechanism behind the 'restart when inactive' feature in iOS 18.1 - GIGAZINE