GrayShift Pwned…. Some Code Leaked And An Extortion Attempt Was Made

You might remember that I have previously covered Graykey which is made by a company called GrayShift and is the iPhone unlocking device that all the cool law enforcement types are using at the moment. Well, it seems that they’ve had a bit of a leak of some of their IP as part of an extortion attempt by parties unknown. Motherboard has the details:

Last week, an unknown party quietly leaked portions of GrayKey code onto the internet, and demanded over $15,000 from Grayshift—ironically, the price of an entry-level GrayKey—in order to stop publishing the material. The code itself does not appear to be particularly sensitive, but Grayshift confirmed to Motherboard the brief data leak that led to the extortion attempt.

“Mr. David Miles,” the extortionists’ first message, published on Thursday, reads, addressing a co-founder of Grayshift. “This is addressed to you and any other people interested in keeping GrayKey product secure and not available to the wide [sic] public.”

And:

Indeed, Grayshift told Motherboard in a statement “Due [to] a network misconfiguration at a customer site, a GrayKey unit’s UI was exposed to the internet for a brief period of time earlier this month.” 

“During this time, someone accessed the HTML/Javascript that makes up our UI. No sensitive IP or data was exposed, as the GrayKey was being validation tested at the time. We have since implemented changes to help our customers prevent unauthorized access,” the statement added.

So the company says that this isn’t a big deal. But the fact that GrayShift got pwned at all has to get your attention. As well as the attention of their customers. You can bet that either the people responsible for this, or someone else will take another shot at the company. And maybe they will get much further and that may spell trouble for the GrayShift.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: