Recently leaked documents indicate that the Graykey iPhone hacking tool can “partially” access iPhone 16 models, though not when the device is running any iOS 18 beta.
Graykey, a competitor to Cellebrite, is designed for use by law enforcement agencies. While there have been previous leaks regarding Cellebrite’s capabilities, this marks the first instance of identifying which devices Graykey can infiltrate.
Cellebrite and Graykey
Both companies produce similar tools—specialized hardware and software that connect to locked iPhones, executing various exploits to retrieve data. Graykey is developed by Grayshift, which has recently rebranded as Magnet Forensics.
Cellebrite and Magnet source zero-day vulnerabilities from hackers who identify security weaknesses that Apple has yet to resolve.
A continuous cat-and-mouse game exists between black-hat hackers, who hunt for exploitable vulnerabilities to monetize, and Apple, along with the security research community, who strive to detect and patch those vulnerabilities.
These hacking companies maintain compatibility tables for their clients, specifying which devices can be accessed. There have been multiple instances of Cellebrite’s tables being leaked, the latest occurring in July of this year, when the company reported an inability to unlock most iPhones running iOS 17.4 or later, although this may have changed since.
This is the first time we have encountered compatibility tables for Graykey.
Graykey can ‘partially’ access iPhone 16 models
Apple continually strives to enhance both hardware and software security, meaning the devices susceptible to these tools depend on both the iPhone model and the iOS version being used.
404Media acquired the Graykey documents revealing that the tool has full access to the iPhone 11 and “partial” access to iPhone models ranging from 12 through 16. This suggests that Apple introduced significant hardware security barriers starting with the iPhone 12.
The site did not manage to obtain documents clarifying the specific capabilities, leaving it unclear what “partial” access entails. It could range from access to unencrypted files to merely metadata on encrypted files.
Additionally, it’s notable that a recent Apple update mandates that iPhones enter a Before First Unlock (BFU) state after four days of inactivity. In BFU mode, all user data becomes encrypted, giving law enforcement a very brief window of opportunity to operate.
All current betas defeat Graykey
The table obtained by 404Media indicates that the tool cannot gain any access to earlier iPhones running any iOS 18 beta, listing access capabilities as “none” for all devices with any beta installed.
However, as noted by the site, it remains unclear whether Magnet has been actively trying to break into the betas without success, or whether it has judged the limited opportunity not worth the effort.
How to protect your iPhone
It is important to remember that both Cellebrite and Graykey require physical access to the device, and both organizations assert that they only sell their tools to law enforcement, making the risks comparatively low.
However, the best defense against any exploit generally involves keeping your devices updated with the latest iOS version—whether that be release or beta.
While this is usually the best strategy, there are exceptions where a newer version introduces new vulnerabilities. An example is the iPad mini 5, where devices running iPadOS 18.0 only allow partial access, whereas those on iPadOS 18.0.1 provide full access.