Leaked documents show that the iPhone jailbreak tool Graykey is capable of “partial” access to iPhone 16 models, but not those running any of the iOS 18 betas.
Graykey is a competitor to Cellebrite and is intended for use by law enforcement. We've seen similar document leaks from Cellebrite before, but this is the first time we've found out which devices Graykey can access.
Cellebrite and Graykey
The two companies make similar products — hardware boxes and PC apps that plug into locked iPhones and run various exploits to access data on them. Graykey is made by Grayshift, which recently rebranded itself as Magnet Forensics.
Cellebrite and Magnet rely on buying zero-day vulnerabilities from hackers who have discovered security flaws unknown to Apple.
There is an ongoing cat-and-mouse game between black hat hackers looking for vulnerabilities to sell for profit, and Apple and the security research community looking for and blocking those exploits.
Both hacking companies publish spreadsheets for their clients showing which devices they can and cannot access. There have been several instances of Cellebrite's spreadsheets being leaked, most recently in July of this year. At the time, the company was unable to unlock most iPhones running iOS 17.4 and later, though that has likely changed since then.
We haven't had access to device compatibility spreadsheets for Graykey before.
Graykey can “partially” access iPhone 16 models
Apple is constantly looking to improve both hardware and software security, meaning that the devices vulnerable to these tools depend on both the iPhone model and the version of iOS it runs on.
404Media obtained Graykey documents, and they show that the tool can gain full access to the iPhone 11 and “partial” access to the iPhone 12 up to and including the iPhone 16. This suggests that the last significant hardware barrier Apple implemented was in the iPhone 12.
The site was unable to access documents detailing the exact capabilities, so we don’t know what “partial” means in this case. It could be limited to unencrypted files and metadata for encrypted ones.
It's worth noting that a recent change implemented by Apple means that iPhones will now go into a Before First Unlock (BFU) state after four days of non-use. Once a phone goes into BFU mode, all user data is encrypted, so law enforcement will have a very limited window to act.
All Current Betas Defeat Graykey
A spreadsheet obtained by 404Media shows that Graykey can't gain any access at all, even to older iPhones, when they are running any of the iOS 18 betas. The records list the access capabilities as “none” for all devices running any of the beta versions.
However, as the site notes, we don’t know whether Magnet has been working hard to crack the beta versions and has failed so far, or whether there just aren’t enough of them to justify the effort required.
How to Protect Your iPhone
It’s worth noting that the Cellebrite and Graykey tools require physical access to your device, and both companies say they only sell them to law enforcement, so the risks are very low.
In general, though, the best defense against any exploit is to update your devices to the latest version of iOS — whether release or beta.
Note that while this is almost always the best policy, there are a few cases where an update introduces a new vulnerability. This appears to be the case for the iPad mini 5, with models running iPadOS 18.0 only allowing partial access and models running iPadOS 18.0.1 allowing full access.