When the FBI asked Apple to create a backdoor into iOS in the wake of the San Bernardino shooting, Tim Cook and co. basically told the government to screw off. The issue wasn’t whether Apple wanted to help with the investigation—it did—but rather one of security. That’s because if Apple created special methods of bypassing its own safety measures, the company argued it would be putting every iOS user at risk.
This forced the government to turn to hackers and third-party security firms like Cellebrite, which earlier this year claimed it could unlock all of Apple’s latest iOS devices. But now, there’s apparently a new iPhone unlocking tool on the market that could rival the $5,000-per-device (£3,500) unlocking service offered by Cellebrite.
Here’s an alleged photo of the GrayKey, which can be used to crack two iPhones at the same time.
According to info released to security software company Malwarebytes, the GrayKey is a proprietary hardware solution about the same size as an Apple TV that can crack an iPhone’s unlock code in as little as two hours, though it can take three days or more for longer, six-digit passcodes.
Developed by Grayshift, a private security firm founded in Atlanta in 2016, the GrayKey seems to be available in two different configurations: a $15,000 (£10,760) model that requires a geo-fenced internet connection to function, and an unlocked $30,000 (£21,500) version that works offline and can be used an unlimited number of times.
According to Malwarebytes, once iPhones have been connected to the GrayKey and a program has been run, the iPhone will display its passcode on the device’s screen after a certain amount of time.
Once the GrayKey cracks an iPhone’s passcode, the box can be used to download the entire contents of a device or analyse and decrypt the device’s keychain, according to Malwarebytes. In photos shared with Malwarebytes, there seems to be evidence of a successful unlock attempt in which the GrayKey discovered the passcode of an iPhone running iOS 11.2.5, which indicates this happened relatively recently, as the most up-to-date release of iOS is version 11.2.6.
Here is a more detailed readout of the information the GrayKey can unlock.
Rumoured to have been released in late 2017, one GrayKey unit was reportedly purchased by the Indiana State Police earlier this year, though it’s not clear how many total devices might be out in the wild. However, the concern is that if the GrayKey becomes a regular staple of police departments and agencies like the FBI, much of Apple’s security efforts could go to waste.
Even without your consent, the GrayKey could allow the government to access your phone in very little time. And if the device fell into the hands of a thief, it could make the process of flipping stolen iPhones trivial. With all that said, Apple’s next update to iOS could fix whatever vulnerabilities the GrayKey apparently uses to crack passcodes. [Malwarebytes]