Your iPhone just got a little more secure — assuming you've updated to iOS 12, that is.
Following reports earlier this summer that Apple planned to release a software update to combat GrayKey, the phone-hacking device sometimes used by police, Forbes has confirmed that the Cupertino-based company has done just that. While it's not a 100 percent lockout for the cops, the update goes a long way toward further protecting iPhone owners from invasive government snooping.
But first, some background. The GrayKey device, a physical machine manufactured by the Atlanta-based Grayshift, was able to get around iPhone PINs to unlock phones seized by police. Somehow, the device could bypass Apple's prohibition of multiple password guesses. This allowed the GrayKey to enter codes in rapid succession until the phone unlocked.
According to Apple Insider, researchers estimated that it took the device around 11 hours to unlock a phone with a six-digit passcode. A four-digit code could be hacked in this way in as little as six and a half minutes.
Two different versions of the machine sell for $15,000 and $30,000, with the latter reportedly good for unlimited unlocks.
Or, at least it used to be. Forbes notes that "[multiple] sources familiar with the GrayKey tech" confirmed that "the device can no longer break the passcodes of any iPhone running iOS 12 or above."
There is, however, an important caveat: The GrayKey can still access some data on the phone. Specifically (again, according to Forbes), "police using the tool can only draw out unencrypted files and some metadata, such as file sizes and folder structures."
And while that's not perfect, it's better than the unfettered access a full unlock would previously get them.
Nicholas Weaver, a senior staff researcher at the International Computer Science Institute, wrote that it "[sounds] like Apple patched whatever secure-enclave exploit that GrayKey used to do the on-chip brute force attack."
Although, to be clear, this appears to be speculation on his part.
Sounds like Apple patched whatever secure-enclave exploit that GrayKey used to do the on-chip brute force attack. https://t.co/BNhfIYzYWk
— Nicholas Weaver (@ncweaver) October 24, 2018
Either way, this news is cause for celebration among privacy advocates. It also, of course, is cause for consternation among law enforcement.
But with Apple CEO Tim Cook taking a strong stance on user privacy as recently as this morning, we should expect to see additional attempts by Apple to lock down iPhones. And, of course, more attempts by both Grayshift and police to defeat them.