It’s been a few years since the San Bernardino debacle between law enforcement and Apple over the company refusing to create a back door to unlock an iPhone. After going back and forth on the case, the FBI eventually dropped the case entirely after it found a third-party company able to gain access to the device.
However, in 2017, a company by the name of ‘Grayshift’ created a device called ‘GrayKey’ that successfully unlocked iPhones without knowing the passcode.
Based in Atlanta, Georgia, the company employs less than 50 employees, and up until this point it was unknown whether ‘GrayKey’ was a service or product. However, MalwareBytes has been able to get their hands on some photos of the device, and notes that the “website is protected by a portal that screens for law enforcement affiliation.”
The site says GrayKey is a device used in-house at local law enforcement labs and offices, vastly different than Cellebrite, the company behind the unlocking of the iPhone 5c in the San Bernardino case.
The report notes that while this is good for law enforcement, it imposes a risk and should be a concern for the public.
The device itself, which is a box that is four inches wide by four inches deep by two inches tall, with two lightning cables sticking out of the front. You’re able to plug in two iPhones at the same time to the box, however, it will only unlock one iPhone at a time.
After two minutes, the device is unplugged but not yet cracked. It can take anywhere between 2 hours and 3 days depending on the length and complexity of the passcode. The iPhone will display a black screen with the passcode on it.
The exact length of time varies, taking about two hours in the observations of our source. It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked.
After the device is fully unlocked, the contents of the backup as well as the full filesystem can be downloaded onto the GrayKey device. And as seen from the picture above, it works with the latest hardware (iPhone X), and the latest software (11.2.5 at the time the photo was taken).
But getting your hands on the device will be pricy, let alone being required to be law enforcement to even know about it. It comes in two options: $15,000 and $30,000, with the former will requiring an internet connection and will geofence to that location, meaning it will not work outside of the original network.
The $30,000 option will not require an internet connection and will allow unlimited attempts on unlimited devices, presumably until the security hole is patched.
The offline model does require token-based two-factor authentication as a replacement for geofencing for ensuring security. However, as people often write passwords on stickies and put them on their monitors, it’s probably too much to hope that the token will be kept in a separate location when the GrayKey is not being used. Most likely, it will be stored nearby for easy access.
Fortunately, boxes like these are short lived. Previously, there was a box known as IP-Box that worked up until iOS 8.2, which forced the creators to build IP-Box 2. The device unfortunately got out of the hands of law enforcement, and is still available to purchase on Amazon today for those who are interested.
Gray Key is presumably a software exploit, and as soon as Apple figures out the loophole, the company will certainly push out a software update to fix it, thus rendering the device completely useless.
It’ll be interesting to see how long the device can be used, and if law enforcement is able to keep the device under wraps. Such a device getting into the wrong hands could create chaos.