Graykey Hacking Tool Can Partially Access iPhone 16, But Fails with iOS 18 Betas
Recent leaked documents have revealed that the Graykey iPhone hacking tool can achieve partial access to iPhone 16 models, but it hits a wall against
Recent leaked documents have revealed that the Graykey iPhone hacking tool can achieve partial access to iPhone 16 models, but it hits a wall against devices running any version of the iOS 18 betas. This development has significant implications for both law enforcement agencies and Apple’s ongoing battle against security vulnerabilities that hackers exploit.
Graykey, developed by Grayshift—now known as Magnet Forensics—competes directly with Cellebrite, another leading provider of mobile data access tools. Both companies utilize specialized hardware and software solutions designed to connect with locked iPhones, deploying various exploits to retrieve data. Previously, similar documents from Cellebrite had surfaced, showcasing the ever-evolving capabilities and limits of these tools in accessing Apple devices.
A significant aspect of these leaked Graykey documents is their revelation about device compatibility. Before this leak, there had been little public knowledge about which iPhone models Graykey could unlock. According to the acquired documents, Graykey achieves full access to iPhone 11 and partial access to models ranging from iPhone 12 through iPhone 16. This development suggests that Apple’s last major hardware security enhancements were likely instituted with the iPhone 12, after which vulnerabilities have become harder for Graykey to exploit.
Both Graykey and Cellebrite rely on acquiring zero-day vulnerabilities from hackers who discover security flaws that are not yet known to Apple, creating a dynamic of cat-and-mouse between black-hat hackers and the Apple security team. The leaked documents indicate a definitive barrier against accessing any iPhone running iOS 18 beta versions, as entries in the compatibility table show zero access capabilities across all models for these beta systems.
One notable change affecting access occurs after an iPhone has gone unused for four days, when it enters a state termed Before First Unlock (BFU). In this mode, all user data is encrypted which significantly limits the effectiveness of hacking tools like Graykey. This new Apple feature requires law enforcement to act quickly when needed—typically within a four-day window—before devices enter this secured mode.
While Graykey struggles with newer iOS betas, it remains unclear whether the company is actively working to overcome these security measures or if the lack of successful attempts is simply due to the betas being too few in number to justify the effort. For now, it’s crucial to note that the effectiveness of both Graykey and Cellebrite relies on the physical access to devices in question, as they claim their tools are exclusively sold to law enforcement agencies, thereby minimizing risks for the general public.
Experts advise that maintaining updated devices—whether on stable releases or beta versions—offers the best protection against potential exploits. Keeping devices on the latest software iterations enhances security protections, even as it’s noted that some new updates can inadvertently introduce their own vulnerabilities. A recent example emerged with iPad mini 5 models, where those running iPadOS 18.0 provided partial access, whereas versions updated to 18.0.1 allowed full access.
In summary, the ongoing competition between mobile data extraction companies and Apple’s security measures is a critical area of interest for tech enthusiasts, security professionals, and law enforcement alike. With leaked insights into what Graykey can achieve against the latest iPhones, it’s clear that while progress is being made, Cupertino’s commitment to robust security continues to raise the stakes in this ongoing technological arms race.
