Researchers crack improved protection against unlocking tools from iOS beta
The USB restricted mode that Apple is introducing in a beta version of iOS 12 to combat USB unlocking tools is said to have already been cracked by one of the makers of such tools. Although they claim this, they have not demonstrated it so far.
Earlier this month it was revealed that Apple is working on a USB restricted mode for iOS 12. That simply means that USB devices cannot interact with an iPhone unless it has been unlocked within the past hour. The phone can then only be charged via USB, data traffic is not allowed. This measure is also included in previous versions of iOS, but then the time period was a week. The shorter time period would make unlocking tools useless.
In an email Motherboard saw in a forensic expert, GrayShift, the developer of the GrayKey unlocking tool, is “working hard to future-proof its tools and has already beaten the beta build’s measures.” Another person in the e-mail conversation states that Grayshift ‘already covered usb restricted mode during a webinar a few weeks ago’.
Such unlocking tools are offered by not only GrayShift, but also the Israeli Cellebrite. Other research by Motherboard would show that such tools are in practice in American police forces. GrayKey would cost $15,000 for 300 uses, and $30,000 for unlimited uses, according to Forbes. The tool is said to work on iOS 10 and 11, with support for iOS 9 in the future. The device uses techniques to brute-force an iPhone’s decryption code as quickly as possible, bypassing the measures against too many mis-guessed codes.
Image: MalwareBytes