GrayKey, one of the forensics tools used by law enforcement (and also the "alphabet" agencies, like the CIA, FBI, etc.) to crack locked iPhones, has had only limited success unlocking iOS 18 and iOS 18.0.1, according to a recent report by 404 Media. The website got its hands on secured documents that offer an in-depth look at GrayKey's functionality, providing informative insight into what the device can do.
This information is interesting, as GrayKey's parent company, Magnet Forensics, does not share information about the tool, and we haven't seen this much information about GrayKey before now.
The document shows that most iPhone models capable of running iOS 18 or iOS 18.0.1 are listed as eligible for a "partial" unlock. However, the iPhone 11 lineup can apparently be fully unlocked. The document doesn't mention its unlocking capabilities for data stored on iOS 18.1 devices, although the iOS 18.1 betas were filed under the "inaccessible" column.
The document doesn't specify what "partial" access means or how much data can be harvested from iPhones under that listing. Still, it may be that law enforcement can only access unencrypted files, folder structure, and other limited information. On fully unlockable iPhones, GrayKey can unlock a device locked using a four-digit passcode in just a few minutes, while longer passcodes can take several hours to be unlocked.
Since GrayKey takes advantage of known vulnerabilities in iOS to accomplish its task, the tool's capabilities can change every time Apple releases an iOS update, which generally includes security fixes. For example, an iOS 12 update foiled GrayKey's unlocking efforts, although new security vulnerabilities were soon discovered that could be exploited to unlock iPhones. This makes it likely that Magnet Forensics will be able to discover a security hole in iOS 18 to allow full access to devices running the latest version of iOS as well.
Earlier this year, a report shared that GrayKey competitor Cellebrite, an Israel-based mobile forensics company, could not unlock iPhones running iOS 17.4 or later. However, Cellebrite is now reportedly able to unlock devices running iOS 17.5.1.
Tools that can unlock iPhones and other devices, such as Android-powered handsets, first garnered wide attention back in 2016, when it was reported that Cellebrite helped the FBI access data stored on the iPhone 5c used by San Bernardino mass shooter Syed Farook after Apple refused to help the bureau unlock the device (it was later revealed that the FBI did not use Cellebrite to unlock the handset).
Apple constantly works to improve the security of all of its devices and operating systems to prevent tools like GrayKey and Cellebrite's devices from being used to reliably unlock iPhones and access the data stored on them. As soon as someone discovers a new vulnerability that can be exploited, Apple generally reacts quickly to plug the security hole.
Recently, it was revealed that a change made in iOS 18.1 will cause an iPhone to self-reboot if it hasn't been unlocked or used for an extended period. This poses a problem for law enforcement, as an iPhone that's been rebooted is much harder to crack.
Many of the tools used by forensic specialists rely on a locked iPhone being in an "after first unlock" (AFU) state, in which certain information remains stored in the device's memory in an unencrypted form. However, a rebooted iPhone that hasn't been unlocked is in a "before first unlock" (BFU) state, where nearly all of the data on the iPhone stays encrypted until the user enters their passcode or password to unlock the device and decrypt the data.
While multiple government agencies, both in the United States and in other countries, have tried to force Apple into providing backdoors or workarounds for the Cupertino firm's end-to-end encryption used to secure customer data, Apple has so far continued to stand fast, refusing to provide such access.
Unfortunately, if a backdoor to encrypted data is provided, it could be used by the world's bad actors to access sensitive data on stolen iPhones and other devices.