“At a conference of law-enforcement forensics officials last week, someone asked David Miles what would happen if Apple Inc. tried to ruin his business,” Robert McMillan reports for The Wall Street Journal. “Mr. Miles heads an Atlanta startup called Grayshift LLC that sells a $15,000 iPhone-unlocking box to police and other authorities in the U.S. The device’s popularity has contributed to what some forensics investigators say is a golden age of iPhone investigations and led the conference attendee to ask what Grayshift could do if Apple tried to block it. ‘That’s the question everyone’s asking,’ Mr. Miles said to muted laughter, before returning to a demonstration of how his device, called a GrayKey, could break into an iPhone and download nearly all of the data available on the device.”
“Now Apple is indeed firing back, saying Wednesday it is testing a change to its iOS mobile software that, according to people familiar with the company’s plans, could stop the GrayKey from getting into iPhones,” McMillan reports. “The company, which started selling GrayKey earlier this year, won’t discuss the Apple flaws it leverages to get onto the iPhone. But at last week’s demonstration, it was an easy process. Mr. Miles plugged an iPhone X into the GrayKey’s Lightning cable, clicked a handful of options on a management screen and the device went to work. Apple’s new software feature is designed to limit the window of opportunity for police to use the GrayKey to 60 minutes.”
MacDailyNews Take: Apple’s new software feature is designed to limit the window of opportunity for those who use the GrayKey to 60 minutes. TFTFY. These boxes are not just in the hands of “the good guys.”
“The software feature prevents devices from accessing data on the iPhone via the Lightning port starting an hour after a phone was last unlocked,” McMillan reports. “The company has also likely included software patches that will otherwise block the GrayKey’s effectiveness, security researchers say.”
MacDailyNews Take: Also, use long, alphanumeric passwords and, even if there is a GrayKey box on every corner, your data will remain secure.
Use at least seven characters – even longer is better – and mix numbers, letters, and symbols.
To change your password in iOS:
Settings > Face ID & Passcodes > Change Passcode > Passcode Options: Custom Alphanumeric Code
Guide to iOS estimated passcode cracking times (assumes random decimal passcode + an exploit that breaks SEP throttling):
4 digits: ~13min worst (~6.5avg)
6 digits: ~22.2hrs worst (~11.1avg)
8 digits: ~92.5days worst (~46avg)
10 digits: ~9259days worst (~4629avg)
— Matthew Green (@matthew_d_green) April 16, 2018
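The arithmetic behind the table above, as an added example that is not part of the article or the tweet: it reproduces the digit-only rows and extends them to larger alphabets, to show what passcode length a given alphabet needs. It assumes about 80 ms per guess (the rate implied by the tweet's 4-digit row) and a uniformly random passcode; the alphabets and the 10-year target are constructed for illustration.

```python
# Assumption: ~80 ms per guess, the rate implied by the tweet's figures
# (10**4 guesses in ~13 minutes). It is not a measured value.
SECONDS_PER_GUESS = 0.08
TEN_YEARS = 10 * 365.25 * 86400  # target used below, in seconds (constructed)

# Constructed alphabets for comparison; only their size matters here.
ALPHABETS = {
    "digits": 10,
    "lowercase + digits": 36,
    "mixed case + digits": 62,
    "printable ASCII (no space)": 94,
}

def worst_case_seconds(alphabet_size, length, rate=SECONDS_PER_GUESS):
    """Time to try every passcode of exactly `length` symbols."""
    return alphabet_size ** length * rate

def average_seconds(alphabet_size, length, rate=SECONDS_PER_GUESS):
    """Expected time for a uniformly random passcode: half the keyspace."""
    return worst_case_seconds(alphabet_size, length, rate) / 2

def min_length(alphabet_size, target_avg_seconds, rate=SECONDS_PER_GUESS):
    """Shortest length whose average search time meets the target."""
    length = 1
    while average_seconds(alphabet_size, length, rate) < target_avg_seconds:
        length += 1
    return length

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 365.25 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    # Reproduce the four rows of the tweet.
    for n in (4, 6, 8, 10):
        print(f"{n} digits: {humanize(worst_case_seconds(10, n))} worst, "
              f"{humanize(average_seconds(10, n))} average")
    # Minimum random-passcode length per alphabet for a 10-year average.
    for label, size in ALPHABETS.items():
        print(f"{label}: {min_length(size, TEN_YEARS)} characters")
```

These figures hold only for passcodes chosen at random; a dictionary word or a date falls far faster than its length suggests.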