Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 19 submissions in the queue.
posted by janrinok on Monday November 25, @07:57PM   Printer-friendly

Arthur T Knackerbracket has processed the following story:

Leaked documents reveal the secrets behind Graykey, the covert forensic tool used to unlock modern smartphones, exposing its struggles with Apple's latest iOS updates.

Graykey is a forensic tool designed to unlock mobile devices and extract data, primarily used by law enforcement agencies and digital forensics experts. Developed by the secretive company Grayshift — now owned by Magnet Forensics — Graykey has earned a reputation for its ability to bypass smartphone security measures.

The tool helps law enforcement and forensic professionals in accessing locked mobile devices during criminal investigations. It breaks device encryption and security features to retrieve personal data like messages, photos, app data, and metadata.

Graykey supports Apple and Android devices, though its effectiveness varies depending on the specific hardware and software involved. Graykey's capabilities and limitations, however, are rarely disclosed.

However, a leak of some Grayshift's internal documents was recently reported on by 404 Media. According to the data, Graykey can only perform "partial" data retrieval from iPhones running iOS 18 and iOS 18.0.1.

These versions were released in September and early October, respectively. A partial extraction likely includes unencrypted files and metadata, such as folder structures and file sizes, according to past reports.

Notably, Graykey struggles with beta versions of iOS 18.1. Under the latest update, the tool fails to extract any data, as per the documents.

Meanwhile, Graykey's performance with Android phones varies, largely due to the diversity of devices and manufacturers. On Google's Pixel lineup, Graykey can only partially access data from the latest Pixel 9 when in an "After First Unlock" (AFU) state — where the phone has been unlocked at least once since being powered on.

Andrew Garrett, CEO of Garrett Discovery, confirmed that the leaked documents align with Graykey's known capabilities. Meanwhile, Magnet Forensics and Apple declined to comment on the leak.

The leaked documents shed light on the ongoing battle between tech companies like Apple and forensic firms. Apple's frequent security updates and features, including USB Restricted Mode and iPhone rebooting after inactivity, have made unauthorized access increasingly difficult.

In response, companies like Grayshift and Cellebrite continue to develop new exploits to bypass these safeguards. While tools like Graykey may lag behind new OS releases, historical trends suggest they often catch up eventually.

Forensic experts expect the cycle of vulnerabilities and patches to persist as Apple and Google continue fortifying their systems against unauthorized access.


Original Submission

This discussion was created by janrinok (52) for logged-in users only. Log in and try again!
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: -1, Troll) by Anonymous Coward on Monday November 25, @09:37PM (3 children)

    by Anonymous Coward on Monday November 25, @09:37PM (#1383337)

    ...auto-bot aggregator AI story as Soylent News heads down to road of irrelevance to join Slashdot in death.

    • (Score: 4, Touché) by janrinok on Monday November 25, @09:40PM (1 child)

      by janrinok (52) Subscriber Badge on Monday November 25, @09:40PM (#1383338) Journal

      What are your submissions about? - I will go look for them.

      --
      I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
    • (Score: 2) by sjames on Wednesday November 27, @05:05PM

      by sjames (2882) on Wednesday November 27, @05:05PM (#1383565) Journal

      Found the Decepticon!

  • (Score: 3, Informative) by DadaDoofy on Monday November 25, @10:01PM (1 child)

    by DadaDoofy (23827) on Monday November 25, @10:01PM (#1383339)

    Update your phone early and often.

    Even if you've "got nothing to hide", they can't plant anything if they can't access it.

    • (Score: 2) by pkrasimirov on Tuesday November 26, @09:51AM

      by pkrasimirov (3358) Subscriber Badge on Tuesday November 26, @09:51AM (#1383380)

      -- I have nothing to hide!
      -- Do you want to keep it that way?

      lol good one

  • (Score: 1) by anubi on Tuesday November 26, @01:55AM (1 child)

    by anubi (2828) on Tuesday November 26, @01:55AM (#1383360) Journal

    My sister used to tell me that if we told *anyone*, it wasn't a secret anymore...

    Now, just how many people are in on how all this "secret sauce" is made?

    I've also heard it said that "security by obscurity is no security at all!".

    Now, if what we are talking about is security, we don't store it in clouds or public containers. Even a security box in a bank vault isn't all that secure. Once anyone else knows anything of it's mere existence, it's open to attack, usually successful if the attacker has sufficient resources.

    Privacy is another matter...like bathroom locks. Nobody really trusts one...it may keep most people out, but anyone who has a mindset to violate that lock can do so.

    If something is that secret between two people, they need to personally meet, no one else even aware of the meeting.

    Granted publicly available technology can be advertised as high security. It will frustrate data harvesters using commodity tools. But it is nigh impossible to thwart determined entities targeted at you. Governments. A skilled hacker. The "security" I have seen is to make it so much work to crack that it it's not worth the effort.

    Technology changes. What was extremely burdensome in the past becomes practical with newer technology. Just as we used to have problems with paper currency and printing counterfeit bank notes, I fear digital currencies will be violated and fake transactions go through...much like the worst fear of the MPAA when DVD-Jon cracked their DVD locking codes. (DeCSS).

    Don't put all your eggs in the same basket.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    • (Score: 2) by looorg on Tuesday November 26, @06:04PM

      by looorg (578) on Tuesday November 26, @06:04PM (#1383435)

      I've also heard it said that "security by obscurity is no security at all!".

      It's just that none of these modern devices qualify as or for "security by obscurity" anymore. They are all to common and normal. If you want security by obscurity now you probably have to dig up some 40-50 year old computer. Make some modern hardware attachments for extra storage and such. Then use them. None of the automated tools available today will work to retrieve information from them. They'll have to hire some kind of expert cause few or none that is young today will probably even understand how the machine works, how you interact with it or how the information is stored. Modern computing (phone or computer or whatnot) just isn't obscure enough.

      At least she didn't go with 'Three people can keep a secret, if two of them are dead'.

  • (Score: 0) by Anonymous Coward on Tuesday November 26, @04:14AM (3 children)

    by Anonymous Coward on Tuesday November 26, @04:14AM (#1383367)

    Uh huh, that all works great until the next court order or the more sinister National Security Letter with its accompanying gag order comes along. There's always an offer that Google an Apple can't refuse. And besides, there's the built in hardware key loggers... Apple's resistance is pure pubic relations theater.

    I don't know why people keep pretending that we have any kind of privacy on these things. We simply don't. Accept it and move on

    • (Score: 0) by Anonymous Coward on Tuesday November 26, @05:11AM

      by Anonymous Coward on Tuesday November 26, @05:11AM (#1383372)

      Apple's resistance is pure pubic relations theater.

      Yeh, I am p#ucked.

    • (Score: 2) by sjames on Wednesday November 27, @05:19PM (1 child)

      by sjames (2882) on Wednesday November 27, @05:19PM (#1383567) Journal

      On the other hand, I don't want some bored cop pawing through my data. Also don't want some bored 12 year old wannabee hacker pawing around.The security is meant to keep them out.

      • (Score: 0) by Anonymous Coward on Friday November 29, @01:30AM

        by Anonymous Coward on Friday November 29, @01:30AM (#1383721)

        The security is meant to keep them out.

        And it's a miserable failure in that regard also.

(1)