Photos have surfaced of a mysterious 'GrayKey' device that can reveal your iPhone passcode to law enforcement agencies in just a few hours.
News of the device, which claims to be able to unlock pretty much any modern iPhone, first surfaced a couple of weeks ago. Forbes reported that various police and forensics groups were offered access to the unlocking tool. For $15,000 the device permits 300 uses in an online mode requiring constant connectivity. For $30,000, the device works offline with unlimited uses. The GrayKey box is being sold by Grayshift, a company which appears to be run by an ex-Apple security engineer and long-time U.S. intelligence agency contractors.
Today, Malwarebytes posted the first photo of the device along with an explanation of how it's used. The device itself is about 4"x4"x2" with two Lightning cables sticking out of the front.
Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked. Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source. It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, according to Grayshift.
Once the device is unlocked, the full contents of its filesystem are downloaded to the GrayKey device. From there, they can be accessed via a web interface on a connected computer and downloaded for further analysis. The full unencrypted contents of the keychain can also be downloaded.
Since Grayshift is allowing agencies to purchase an offline model of the device, it's just a matter of time until it falls into the wrong hands, if it hasn't already. This is a major security concern for all iOS users as it renders most passcodes useless.
Apple has yet to comment on the device. Presumably, if it gets a hold of the GrayKey box, the vulnerability could be patched with a software update.
Comments (19)
Comments are closed for this article.
0
lekdon234 - March 19, 2018 at 11:46am
To me it's very wrong for this idea, reason is this: the thieves out there will now start stealing our iPhones more and more, which is unfair. So think twice.....
0
shane o MAc - March 19, 2018 at 10:23pm
Yeah, until someone you love dies and you can't get their information, plus there's Apple iCloud locks.
0
Evas10n - March 17, 2018 at 9:13pm
I can see a court case coming with this.
0
Evas10n - March 17, 2018 at 9:10pm
What if, upon setting phone up you click on don’t use passcode but stick with Face ID only?
0
None45 - March 16, 2018 at 10:32pm
I want one. Jokes aside, if you have something to hide stop using 4-6 digit passwords. Use an alphabetical, numerical and symbolic password that’s 10 characters at minimum. It will take that thing years to crack. Alright, who has one for $40k ready to spend some money.
0
Kornmehl - March 16, 2018 at 8:25pm
Is there any proof that this is true and not just an elaborate hoax?
0
BeSafePeople - March 16, 2018 at 10:16am
When you Change Passcode, tap on Passcode Options and choose Custom Alphanumeric Code and use 6-8 long alphanumeric characters as your passcode. Use different passcode for iCloud and your iPhone.
0
why? - March 16, 2018 at 11:32am
It can still crack the code, it will just take longer.
0
tomheuod - March 16, 2018 at 10:06am
Probably in offline mode the device can be rendered useless by Apple via software update on the phones (which takes time to propagate), but in online mode the device can be updated too. Let the race begin!
0
Kendall Jenner - March 16, 2018 at 10:04am
Law enforcement uses this? I would think criminals with stolen iDevices would use it. What happened to the 4th Amendment? Make sure you set the option to wipe after 10 failed pins...
0
that - March 16, 2018 at 11:31am
This doesn't keep trying different codes, this cracks the phone.
0
Camfella - March 16, 2018 at 6:18am
Something doesn’t seem right about an ex employee using his knowledge of the hardware to turn around and screw the employer?
0
waheb09 - March 16, 2018 at 5:33am
For 15000 !! I'll take 2 and I'll give them the iphone and the passcode, now how about that for a deal! Huh
0
Joseph - March 16, 2018 at 4:54am
“Vulnerability”. This is obviously the wrong word choice as this guy was claimed to be an ex Apple security engineer and also a government contractor. This was a built entrance by someone who understands/ built the component being used.
0
komo - March 16, 2018 at 4:14am
What about Face ID?
0
this - March 16, 2018 at 11:29am
The phone still has a passcode.
0
gamerscul9870 - March 16, 2018 at 3:48am
Guess there will never be a next time since that one time in 2015 where the guy needed to unlock his iPhone for evidence within it but refused to and was held hostage until then.
0
curtixman - March 16, 2018 at 3:43am
Guess now we know why the FBI stopped crying
0
The Watcher - March 16, 2018 at 3:41am
Build a better mousetrap, they build a better mouse...