Recent leaked documents have exposed the current capabilities and limitations of Graykey, a powerful but controversial smartphone unlocking tool used by law enforcement agencies worldwide.
The documents, first reported by 404 Media, reveal that the forensic device now faces major hurdles when attempting to access data from the latest iPhone software versions. On devices running iOS 18 and 18.0.1, Graykey can only perform "partial" data extractions - likely limited to unencrypted files and basic metadata like folder structures.
More concerning for law enforcement, the tool appears completely ineffective against beta versions of iOS 18.1, unable to extract any data whatsoever. This represents a notable win for Apple's ongoing security hardening efforts.
The situation differs for Android devices. When examining Google's latest Pixel 9 phones, Graykey can partially access data, but only if the device has been unlocked at least once since powering on - a state known as "After First Unlock" (AFU).
Andrew Garrett, who leads Garrett Discovery, validated the authenticity of the leaked materials, confirming they match known information about Graykey's capabilities. Both Magnet Forensics (Graykey's parent company) and Apple declined to comment on the revelations.
The documents highlight an intensifying technical battle between smartphone makers and forensics companies. Apple regularly introduces new security features, including USB restrictions and automatic rebooting, which have made unauthorized access increasingly challenging.
While Graykey and similar tools often struggle initially with new operating system releases, history suggests they eventually find ways around these protections. As smartphone security continues evolving, experts predict this cat-and-mouse game between device makers and forensic tool developers will persist.
This leak offers rare insight into the real-world effectiveness of mobile device forensics tools that play a central role in modern law enforcement investigations.