Grayshift says it has defeated Apple's USB Restricted Mode, allowing it to crack open any iPhone

Yesterday, we told you about a change Apple has said it will make in iOS 12 to the Lightning port's behavior in order to reduce the ability of law enforcement and hackers to crack open a locked iPhone. Apple is calling this USB Restricted Mode. Most cracking machines use the Lightning port to get around the limits Apple places on the number of passcode attempts cops and hackers get before the phone locks them out or wipes itself. This "brute force" process tries every possible combination of digits (and, for alphanumeric passcodes, letters) until one opens the iPhone. The change in iOS 12 stops the Lightning port from carrying data to another device if the iPhone has not been unlocked within the previous hour; the port still charges the phone.

But before Apple could say "checkmate," Grayshift, the company that manufactures the GrayKey cracking machine, says that it has already defeated the upcoming USB Restricted Mode. If true, that puts the ball squarely in Apple's court, as pressure will mount inside Cupertino to respond with another way to prevent these machines from opening an iPhone and giving law enforcement and hackers access to the personal data inside it.

According to Motherboard, an email it has seen was sent this month by a forensics expert who was scheduled to meet with Grayshift. The email says that Grayshift claims to have defeated the USB Restricted Mode feature in a beta build of iOS 12. Additionally, the company made it clear that GrayKey has many capabilities it will be able to use in the future to stay one step ahead of Apple.


While Grayshift appears confident in its ability to defeat USB Restricted Mode, rival Cellebrite seems less so. Shahar Tal, VP of research at the Israeli firm, sent out a tweet today that read, "tmw (That moment when) 10 of the last 12 threads in my inbox have 'USB Restricted Mode' in the subject line, and you realize it's just the beginning."

source: Motherboard


22 Comments

1. TechNeck

Posts: 657; Member since: Aug 29, 2014

That was way too quick.

2. Papa_Ji

Posts: 912; Member since: Jun 27, 2016

Nothing surprising. iPhones are a kids' toy and everything Apple does is a gimmick.

5. iPhoneFanboy

Posts: 286; Member since: Apr 21, 2018

Android devices must be dog toys then, lol.

9. Dr.Phil

Posts: 2525; Member since: Feb 14, 2011

What security features does Android offer to stop hacks like this? I’m honestly curious.

12. RebelwithoutaClue unregistered

Brute force cracking over USB isn't possible by default since a user has to enable debugging over USB, which he only gets after enabling developer tools. Most users won't do that. And brute-forcing on the device itself is limited because, after a few tries, the phone will wipe itself. The locked bootloader is also a good step in preventing access to the data since it won't allow changing the recovery, boot and system partitions. But there will always be flaws or bugs that hackers (or companies) can use to bypass security.

17. yalokiy

Posts: 1124; Member since: Aug 01, 2016

And even with USB debugging enabled, you get a pop-up on the phone to accept the key of the device it has been connected to. With the screen locked one would have to break through that protection as well.

29. Dr.Phil

Posts: 2525; Member since: Feb 14, 2011

I did read an article on whether the FBI could have hacked an Android versus the iPhone in the San Bernardino attack, and they found that Android is more susceptible to a remote attack versus physically having the phone. https://theconversation.com/what-if-the-fbi-tried-to-crack-an-android-phone-we-attacked-one-to-find-out-56556 I'd think that Android being so open has that kind of drawback. But the other issue that Android has, as I've mentioned before, is that the default messaging on an Android is text messaging, which means you don't even need physical access to get the info you need. Apple uses iMessage, which by default is encrypted and harder to obtain. Since the majority of the information law enforcement needs is what's transmitted through texts, I find this to be a huge deal that Android needs to address. They need to create a default encrypted messaging service.

30. RebelwithoutaClue unregistered

It's only encrypted when you message people that have an iPhone too. Otherwise, it reverts back to ordinary text messages. But I am pretty sure most people don't use text messages, at least not in my country where everybody uses WhatsApp. Btw, iMessages are stored in iCloud, so while you are safe from hackers, the govt can ask Apple to reset the password and take a look at the messages in iCloud. And you are right, especially older Android phones had major security flaws (like Stagefright) for which you don't even need physical access.

33. Dr.Phil

Posts: 2525; Member since: Feb 14, 2011

Yes, but with the popularity of iPhones, the usage of iMessage is very prevalent. Also, iMessage storage in iCloud can be disabled, and it uses end-to-end encryption so that when it does touch iCloud servers it shouldn't be decipherable until it's opened by a decrypting key on the receiving device. If that weren't the case then the government wouldn't have made a huge brouhaha over the San Bernardino iPhone and would've simply asked Apple for the info on the servers. They were mostly interested in seeing what texts were being sent in case a second person was involved.

11. RebelwithoutaClue unregistered

Oh please grow up. You can say what you want about Apple, but their smartphone device is more secure than your average Android phone.

18. yalokiy

Posts: 1124; Member since: Aug 01, 2016

I wish there were smartphone Pwn2Own fests organized for iPhones, Pixels and Galaxies. Galaxies have Knox; I wonder how much that improves the security. With monthly updates I guess Android security should be on par with iOS (or even better?). After all, Android is based on the Linux kernel, which has SELinux and all types of government security standards certifications (speaking of Red Hat EL).

25. yalokiy

Posts: 1124; Member since: Aug 01, 2016

True, but generally, Pwn2Own is more about browsers.

3. AVVA1

Posts: 228; Member since: Aug 01, 2017

Either they're bluffing or it's damage control. Besides, iOS 12 is still not at GM or officially released; the fact that this is still in beta means Apple can close the possible "exploit" which Grayshift uses before the official release in fall. Also, Apple can actually take advantage of this and patch it, similar to what Apple did with jailbreaking: they made it pretty difficult to JB iDevices (but still possible).

4. drunkenjay

Posts: 1704; Member since: Feb 11, 2013

Doubt it. There's always a way to crack it even if Apple patches it. That's why jailbreaking still works and hackers still make billions.

6. mootu

Posts: 1541; Member since: Mar 16, 2017

How can Apple close the "exploit" when Grayshift has not stated how they are doing it? I highly doubt it's bluffing or damage control; hackers like these guys are usually one step ahead.

10. Dr.Phil

Posts: 2525; Member since: Feb 14, 2011

Even if it were to be the case, Grayshift works off brute force. If you use an alphanumeric passcode it'll take years to hack your device, as I've mentioned in articles before. Considering your passcode is just a backup in case you can't get in via fingerprint or Face ID, I would highly recommend an alphanumeric password as a login. It ensures that if you ever had your phone seized it would take years to unlock, by which time hopefully they just give up.

20. yalokiy

Posts: 1124; Member since: Aug 01, 2016

If it is indeed by brute force, I totally agree! Should be at least 10 chars long and preferably using lower and upper case letters + digits.

15. Dingy_cellar_dweller

Posts: 339; Member since: Mar 16, 2013

Draw a line in the sand and someone will cross it.

28. cmdacos

Posts: 4392; Member since: Nov 01, 2016

Nice work Grayshift!! Thanks for helping to protect us from criminals and terrorists!

32. tedkord

Posts: 17513; Member since: Jun 17, 2009

There is always a hack. No such thing as foolproof security.

36. rouyal

Posts: 1598; Member since: Jan 05, 2018

If it is possible for Apple to implement a full wipe after X number of attempts, that would be best I think.
