Law enforcement may no longer be able to unlock iPhones protected with Touch ID or Face ID using hacking boxes, as the latest software update delivered by Apple renders these devices useless.
GrayKey, one of the devices that could hack into an iPhone, is no longer capable of accessing encrypted data stored on the phone.
Previously, Grayshift, the company that builds this hacking box, sold it to police authorities in the United States in order to be used on breaking into iPhones involved in criminal investigations. It was believed that GrayKey exploited an unknown vulnerability in iOS that allowed the device to extract the full contents of an iPhone even if a password was put in place.
However, it looks like Apple has finally discovered the security that GrayKey was taking advantage of, and the most recent iOS 12 update patches it.
Hacking box no longer effective
This means the hacking box can only extract data that is not encrypted on an iPhone and which does not include personal user files. A report from Forbes indicates that information like metadata, file sizes, and folder structures remain available to GrayKey.
While Apple has remained completely tight-lipped on its efforts to block GrayKey, Minnesota Police Captain of Rochester, John Sherwin, said in a short statement that the device can no longer extract files from iPhones updated to the latest version of iOS.
“That’s a fairly accurate assessment as to what we have experienced,” he briefly stated.
Grayshift’s efforts to break into iPhones will probably continue despite Apple allegedly resolving the exploited vulnerability, so it remains to be seen whether hacking boxes would still be effective on iPhones.
In the meantime, Apple keeps pushing for further security improvements on its devices, and iOS 12 comes with a dedicated option that would block hacking tools like GrayKey from connecting to an iPhone when the phone hasn’t been unlocked within the last hour.