Leaked documents reveal that the Graykey iPhone hacking tool is able to “partially” access iPhone 16 models – but not if they are running any of the iOS 18 betas.

Graykey is a competitor to Cellebrite, and is intended for use by law enforcement agencies. We’ve seen similar leaked documents from Cellebrite before, but this is the first time we’ve discovered which devices Graykey can access …

Cellebrite and Graykey

The two companies both make similar products – hardware boxes and PC apps which connect to locked iPhones and run a variety of exploits to access the data on them. Graykey is made by Grayshift, which recently rebranded as Magnet Forensics.

Cellebrite and Magnet rely on purchasing zero-day vulnerabilities from hackers who have discovered security flaws unknown to Apple.

There’s a constant game of cat-and-mouse between black-hat hackers on the one hand, who seek to find vulnerabilities to sell for a profit, and Apple and the security researcher community on the other hand, who seek to identify and block these exploits.

Both hacking companies publish tables for their clients, showing which devices they can and cannot access. There have been several cases of Cellebrite’s tables being leaked, the most recent of which was in July of this year. At that point, the company couldn’t unlock most iPhones running iOS 17.4 and later, though things are likely to have changed since then.

We have not previously had access to device compatibility tables for Graykey.

Graykey can ‘partially’ access iPhone 16 models

Apple is constantly seeking to make both hardware and software security improvements, meaning that the devices vulnerable to these tools depends both on the iPhone model and the version of iOS it is running.

404Media obtained the Graykey documents, and they reveal that the tool can gain full access to the iPhone 11, and “partial” access to the iPhone 12 to iPhone 16 inclusive. This suggests that the last significant hardware barrier implemented by Apple was in the iPhone 12.

The site didn’t manage to access documents detailing the exact capabilities, so we don’t know what is meant by “partial” in this case. It may be as limited as unencrypted files and metadata for encrypted ones.

It’s worth noting that a recent change implemented by Apple means that iPhones now go into a Before First Unlock (BFU) state after four days without use. Once a phone enters BFU mode, then all user data is encrypted, so law enforcement would have a very limited window in which to act.

All current betas defeat Graykey

The table obtained by 404Media shows that the company is unable to gain any access at all to even older iPhones running any of the iOS 18 betas. The entries list access capabilities as “none” for all devices running any of the betas.

As the site notes, however, we don’t know whether Magnet has been working hard to break the betas and so far failed, or whether there simply aren’t enough of them to justify the necessary effort.

How to protect your iPhone

It’s worth noting that both Cellebrite and Graykey tools require physical access to your device, and both companies claim they sell only to law enforcement agencies, so the risks are very low.

In general, though, your best protection against any exploit is to keep your devices updated to the latest version of iOS – whether release or beta.

Note that while this is almost always the best policy, there are a few cases where a new vulnerability is introduced. This appears to be the case for the iPad mini 5, where models running iPadOS 18.0 allow only partial access, but those running iPadOS 18.0.1 allow full access.

Image: Magnet Forensics

FTC: We use income earning auto affiliate links. More.