The Graykey iPhone hacking tool can “partially” access iPhone 16 models, according to leaked documents, but not if the device is running any of the iOS 18 betas.
Cellebrite’s rival, Graykey, is designed for use by law enforcement organizations. Although similar documents from Cellebrite have previously been leaked, this is the first time we’ve learned which devices Graykey can access.
Black-hat hackers, who look for vulnerabilities to sell for a profit, and Apple and the security researcher community, who look for and stop these exploits, are engaged in a never-ending game of cat-and-mouse.
Both hacking firms provide their clients with tables that list the devices they are able to and are unable to access. Cellebrite’s tables have been leaked on multiple occasions; the most recent instance occurred in July of this year. The majority of iPhones running iOS 17.4 and later could not be unlocked by the company at that time, though this is probably no longer the case.
Graykey’s device compatibility tables were not previously available to us.
Both Graykey and Cellebrite
Both businesses produce comparable goods, such as PC apps and hardware boxes that connect to locked iPhones and use a range of exploits to access their data. Grayshift, the company that makes Graykey, recently changed its name to Magnet Forensics.
Cellebrite and Magnet are dependent on buying zero-day vulnerabilities from hackers who have found security holes that Apple is unaware of.
Graykey can “partially” access models of the iPhone 16.
Since Apple is always looking to improve both software and hardware security, the devices that are susceptible to these tools vary depending on the model of iPhone and the iOS version that is installed.
The Graykey documents, which were acquired by 404Media, show that the tool can obtain “partial” access to the iPhone 12 through iPhone 16 as well as full access to the iPhone 11. This implies that the iPhone 12 was the last major hardware barrier that Apple put in place.
We are unsure of what is meant by “partial” in this context because the website was unable to access documents outlining the precise capabilities. It might be as restricted as metadata for encrypted files and unencrypted files.
It is important to note that iPhones now enter a Before First Unlock (BFU) state after four days of inactivity due to a recent change made by Apple. All user data is encrypted once a phone enters BFU mode, giving law enforcement a very short window of time to take action.
Graykey is defeated by all current betas.
Even older iPhones running any of the iOS 18 betas are completely inaccessible to 404Media, according to the table it was able to obtain. All devices running any of the betas have their access capabilities listed as “none” in the entries.
However, as the website points out, we are unsure if Magnet has been making a lot of effort to break the betas and has been unsuccessful thus far, or if there aren’t enough of them to warrant the required effort.
How to keep your iPhone safe
Though the risks are minimal, it’s important to keep in mind that both Cellebrite and Graykey tools need physical access to your device, and both companies state that they only sell to law enforcement.
Generally speaking, though, updating your devices to the most recent version of iOS—be it beta or release—is your best defense against any exploit.
Although this is typically the best
course of action, occasionally a new vulnerability is introduced. For the iPad mini 5, this seems to be the case; models running iPadOS 18.0 only permit partial access, while those running iPadOS 18.0.1 permit full access.
