Grayshift's $15,000 GrayKey promises to unlock Apple iPhones

Security researchers warn over pocket-sized device that can unlock encrypted iOS devices

iPhone 8

A new pocket-sized device that promises to unlock Apple iPhones has raised concerns over privacy consequences.

Called GrayKey, the box is claimed to be able to unlock iPhones without needing to enter a passcode. US-based firm Grayshift is selling the devices for $15,000 for 300 attempts to unlock devices, or $30,000 for unlimited attempts.

According to a blog post by researchers at cyber security company Malwarebytes, the device is four inches wide by four inches deep, and two inches tall, with two lightning cables sticking out of the front. The device is aimed at law enforcement officials and labs.

Researchers said that an anonymous source told them that two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked.

"Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source," said researchers.

They added that it can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, noted Grayshift.

When the device is unlocked, the contents of the phone are downloaded to the GrayKey device. From there, they can be accessed through a web-based interface on a connected computer and downloaded for analysis. The full, unencrypted contents of the keychain are also available for download, according to researchers.

The device appears to work with the latest iPhones and iOS version 11.2.5.

Researchers warned that while this was a boon for law enforcement if it falls into the wrong hands, it could still continue to work.

"Such a device could fetch a high price on the black market, giving thieves the ability to unlock and resell stolen phones, as well as access to the high-value data on those phones," said Thomas Reed, director of Mac & Mobile at Malwarebytes.

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

The ultimate guide to landing a cybersecurity career
Careers & training

The ultimate guide to landing a cybersecurity career

30 Sep 2020
8 of the most secure web browsers
web browser

8 of the most secure web browsers

25 Sep 2020
Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Google removes 17 apps infected with evasive ‘Joker’ malware
malware

Google removes 17 apps infected with evasive ‘Joker’ malware

28 Sep 2020