The Graykey, a phone unlocking and forensics tool that is used by law enforcement around the world, is only able to retrieve partial data from all modern iPhones that run iOS 18 or iOS 18.0.1, which are two recently released versions of Apple’s mobile operating system, according to documents describing the tool’s capabilities in granular detail obtained by 404 Media. The documents do not appear to contain information about what Graykey can access from the public release of iOS 18.1, which was released on October 28.
The leak is unprecedented for Grayshift, the highly secretive company which made the Graykey before being acquired by Magnet Forensics, another digital forensics company. Although one of its main competitors Cellebrite has faced similar leaks before, this is the first time that anyone has published which phones the Graykey is able, or unable, to access.
The documents, which also break down the Graykey’s capabilities against Android devices, provide never-before-seen insight into the current cat-and-mouse game between forensics and exploit development companies like Magnet and phone manufacturers Apple and Google.