GrayKey, The Device That Unlocks ANY iPhone Is Spotted In The Wild
In an interesting scoop, MalwareBytes managed somehow to get pictures of GrayKey. This is the device that I told you about that unlocks any iPhone. How it does it work? Here’s a rundown:
Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked. Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source. It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, according to Grayshift.
After the device is unlocked, the full contents of the filesystem are downloaded to the GrayKey device. From there, they can be accessed through a web-based interface on a connected computer, and downloaded for analysis. The full, unencrypted contents of the keychain are also available for download.
MalwareBytes saw this in action with an iOS 11.2.5 device which is slightly behind the current release of iOS which is 11.2.6. MalwareBytes assumes it is using some sort of jailbreaking process which seems like a reasonable assumption. That means that this is something that Apple can potentially address in a software update, once they somehow acquire this box so that they can see how it works. Which you know will happen one way or another. That begs the question, if Apple develops countermeasures to this, how long would it take for the GrayShift to adapt and be able to crack iPhones again?
Now there’s two flavors of this device:
The GrayKey device itself comes in two “flavors.” The first, a $15,000 option, requires Internet connectivity to work. It is strictly geofenced, meaning that once it is set up, it cannot be used on any other network.
However, there is also a $30,000 option. At this price, the device requires no Internet connection whatsoever and has no limit to the number of unlocks. It will work for as long as it works; presumably, until Apple fixes whatever vulnerabilities the device relies on, at which time updated phones would no longer be unlockable.
The offline model does require token-based two-factor authentication as a replacement for geofencing for ensuring security. However, as people often write passwords on stickies and put them on their monitors, it’s probably too much to hope that the token will be kept in a separate location when the GrayKey is not being used. Most likely, it will be stored nearby for easy access.
And that’s the one thing that is a concern. If the more upscale model got into the wrong hands, it could become a huge problem as no iPhone would be safe. Also, it’s assumed that this is being sold to law enforcement as the price points are more than affordable. But rogue nations who oppress their citizens could also be buyers as well. That’s kind of concerning. But I don’t see GrayShift, the company behind this telling the world who the buyers of this product happen to be.
I’m going to sit back and watch the fireworks that this box creates. The fact that it even exists and seems to work is going to get a whole lot of attention from a lot of interested parties. And that will create ripple effects for all to feel.
April 25, 2018 at 8:31 am
[…] might remember that I have previously covered Graykey which is made by a company called GrayShift and is the iPhone unlocking device that all the cool […]