GrayKey: The Device Reveals Your iPhone Passcode To Law Enforcement
More than a year ago, when Apple refused to help the U.S. government in cracking the iPhone 5c of the shooter behind the December 2015 San Bernardino terror attack, the Redmond giant approached an Israeli security firm, ‘Cellebrite’, to build a backdoor into the iOS of the iPhone.
For those unaware, Cellebrite specializes in extracting data from mobile phones for law enforcement agencies, and is being extensively used by the U.S. and UK police.
However, news has recently surfaced of a mysterious new iPhone unlocking device known as ‘GrayKey’ that can disclose your iPhone passcode to law enforcement agencies in just a few hours.
According to a report from security firm Malwarebytes, which also shared photos and additional information about the product, the GrayKey box is a small, portable gray box equipped with dual Lightning cables and designed for law enforcement officials.
Developed by Grayshift, a company based in Atlanta, Georgia, the GrayKey device was not known until late 2017. However, earlier this month, a Forbes report provided the first information about the iPhone unlocker device. According to the report, Grayshift, founded in 2016, employs fewer than 50 people and appears to be run by an ex-Apple security engineer and long-time U.S. intelligence agency contractors. Little was known publicly about this device—or even whether it was a device or a service—until recently, as the GrayKey’s website is protected by a portal that screens for law enforcement affiliation.
According to Forbes, the GrayKey iPhone unlocker device is designed for in-house use at law enforcement offices or labs and is completely different from Cellebrite’s overall business model. This device puts complete control of the process in the hands of law enforcement, raising security concerns over a standalone device.
So, how does this mysterious device work? According to Malwarebytes’ report, GrayKey is a gray box, four inches wide by four inches deep by two inches tall, with two Lightning cables sticking out of the front that can connect two iPhones at the same time. Once plugged in, GrayKey installs proprietary software that guesses an iPhone’s passcode. About two minutes after being plugged into the GrayKey device, the iPhones are disconnected from the cable. Even after disconnection, the software continues running on the iPhones to crack the security.
To unlock a short four-digit passcode, the box takes as little as a couple of hours, while it can take up to three days or longer to unlock a six-digit passcode. Once it guesses the passcode, the passcode is displayed directly on the iPhone’s display. After the device is unlocked, all of the data on the iPhone, including the unencrypted contents of the Keychain, is downloaded to the GrayKey device, where it can then be accessed and downloaded to a computer via a web-based interface.
Based on the pictures obtained by the security firm, the device can unlock most Lightning-equipped iPhone devices running newer versions of iOS. Apparently, it works with the iPhone X and iOS 11.2.5. It will also probably work with iOS 11.2.6, unless Apple has managed to fix the loophole(s) in the latest operating system update.
Currently, two versions of the GrayKey device are being offered. The first is a geo-locked $15,000 USD device, which requires an internet connection and has a limit on the number of unlocks it can perform. The second is an unlocked $30,000 device that doesn’t require an internet connection to function and can be used practically anywhere.
However, Malwarebytes worries that the portable version of the GrayKey could easily fall into the wrong hands. It uses two-factor authentication, but given that people “often write passwords on stickies and put them on their monitors,” it’s possible that the token could be kept in the same location as the device. Most likely, it will be stored nearby for easy access.
“What happens if the GrayKey becomes commonplace in law enforcement? The cheaper model isn’t much of a danger if stolen–unless it’s stolen prior to setup–but at 4″ x 4″ x 2″, the unlimited model could be pocketed fairly easily, along with its token, if stored nearby. Once off-site, it would continue to work. Such a device could fetch a high price on the black market, giving thieves the ability to unlock and resell stolen phones, as well as access to the high-value data on those phones,” reads the report.
The GrayKey device is undoubtedly a boon for law enforcement agencies. However, it will be interesting to see how long law enforcement agencies can keep the device confidential and avoid letting it fall into the wrong hands.