Photos have surfaced of a mysterious 'GrayKey' device that can reveal your iPhone passcode to law enforcement agencies in just a few hours.
News of the device, which claims to be able to unlock pretty much any modern iPhone, first surfaced a couple weeks ago. Forbes reported that various police and forensics groups were offered access to the unlocking tool. For $15,000 the device permits 300 uses in an online mode requiring constant connectivity. For $30,000, the device works offline with unlimited uses. The GrayKey box is being sold by Greyshift, a company which appears to be run by an ex-Apple security engineer and long-time U.S. intelligence agency contractors.
Today, MalwareBytes posted the first photo of the device along with an explanation of how it's used. The device itself is about 4"x4"x2" with two Lightning cables sticking out of the front.
Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked. Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source. It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, according to Grayshift.
Once the device is unlocked, the full contents of its filesystem are downloaded to the GrayKey device. From there, they can be accessed via a web interface on a connected computer and downloaded for further analysis. The full unencrypted contents of the keychain can also be downloaded.
Since Grayshift is allowing agencies to purchase an offline model of the device, it's just a matter of time until it falls into the wrong hands, if it hasn't already. This is a major security concern for all iOS users as it renders most passcodes useless.
Apple has yet to comment on the device. Presumably, if it gets a hold of the GrayKey box, the vulnerability could be patched with a software update. Please follow iClarified on Twitter, Facebook, or RSS for further developments.
Read More
News of the device, which claims to be able to unlock pretty much any modern iPhone, first surfaced a couple weeks ago. Forbes reported that various police and forensics groups were offered access to the unlocking tool. For $15,000 the device permits 300 uses in an online mode requiring constant connectivity. For $30,000, the device works offline with unlimited uses. The GrayKey box is being sold by Greyshift, a company which appears to be run by an ex-Apple security engineer and long-time U.S. intelligence agency contractors.
Today, MalwareBytes posted the first photo of the device along with an explanation of how it's used. The device itself is about 4"x4"x2" with two Lightning cables sticking out of the front.
Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked. Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source. It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, according to Grayshift.
Once the device is unlocked, the full contents of its filesystem are downloaded to the GrayKey device. From there, they can be accessed via a web interface on a connected computer and downloaded for further analysis. The full unencrypted contents of the keychain can also be downloaded.
Since Grayshift is allowing agencies to purchase an offline model of the device, it's just a matter of time until it falls into the wrong hands, if it hasn't already. This is a major security concern for all iOS users as it renders most passcodes useless.
Apple has yet to comment on the device. Presumably, if it gets a hold of the GrayKey box, the vulnerability could be patched with a software update. Please follow iClarified on Twitter, Facebook, or RSS for further developments.
Read More