GrayKey Unlocking Box That Agencies Use to Hack into Latest iPhones – Developed by Ex-Apple Engineer [Images]
While Cellebrite may receive much of the attention when it comes to iPhone unlocking for the likes of the FBI, a new player known as GrayShift surfaced recently. Founded in 2016 and having fewer than 50 employees, the company doesn't appear to put its trust in marketing and restricts access to its website to law enforcement officials.
However, an iPhone unlocking device named GrayKey recently started making the rounds. While until now it was unknown whether this was a device or a service, it appears GrayKey is an in-house tool for law enforcement offices, in contrast to Cellebrite, which likes to charge its clients millions of dollars and keeps complete control over how it breaks into the devices.
So far shrouded in mystery, GrayKey, the device that enables law enforcement to break into the latest iPhones in-house, has finally been revealed to the public thanks to an anonymous source. In a post today, Malwarebytes researchers, citing that source, shared a myriad of images showing the device in its full glory, along with several questions about its lack of security.
How the GrayKey iPhone unlocker works
Malwarebytes Labs reported that GrayKey is a gray box, four inches wide by four inches deep by two inches tall, with two Lightning cables sticking out of the front. Two iPhones can be connected to GrayKey at the same time.
- The target iPhones are connected for about two minutes.
- Not yet cracked, they are then disconnected from GrayKey.
- After a while, the iPhones will show a black screen displaying the passcode, along with other information.
It remains unclear how long it takes for the iPhone to display the passcode; it could reportedly take anywhere from two hours to nearly three days when six-digit passcodes are involved. This gray box can reportedly break into even disabled iPhones and the very latest iOS versions. Once cracked, the full contents of the filesystem are downloaded to GrayKey. "From there, they can be accessed through a web-based interface on a connected computer, and downloaded for analysis," researchers wrote. "The full, unencrypted contents of the keychain are also available for download."
This iPhone unlocker goes for as low as $15,000 for 300 uses. This base version is strictly geofenced and cannot be used on any other network after setup. The second option is a $30,000 model that doesn't need an internet connection and has no limits on the number of unlocks. This model is secured using two-factor authentication.
FBI may have found an alternative but so will criminals, if they haven't already
While the FBI and other law enforcement agencies may have found an extremely cheap alternative to contacting Apple or hiring security experts to break into the latest phones, these boxes come with their own set of concerns.
As the report itself suggests, it's difficult to trust law enforcement agencies, which have often come under fire for poor security practices. Worries about an insider selling the device on the black market are also realistic, considering how much it could fetch on the dark web.
Earlier reports had suggested that GrayShift is led by an ex-Apple engineer. Considering this involvement, Apple might have to rethink iPhone security to keep it safe from GrayShift. Many also believe that a software exploit is being used, which shouldn't be too difficult for Apple to fix.
"The existence of the GrayKey isn't hugely surprising, nor is it a sign that the sky is falling," the report says. "However, it does mean that an iPhone's security cannot be ensured if it falls into a third party's hands."