Grayshift's $15,000 GrayKey promises to unlock Apple iPhones
Security researchers warn over pocket-sized device that can unlock encrypted iOS devices
A new pocket-sized device that promises to unlock Apple iPhones has raised concerns over privacy consequences.
Called GrayKey, the box is claimed to be able to unlock iPhones without needing to enter a passcode. US-based firm Grayshift is selling the devices for $15,000 for 300 attempts to unlock devices, or $30,000 for unlimited attempts.
According to a blog post by researchers at cyber security company Malwarebytes, the device is four inches wide by four inches deep, and two inches tall, with two lightning cables sticking out of the front. The device is aimed at law enforcement officials and labs.
Researchers said that an anonymous source told them that two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked.
"Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source," said researchers.
They added that it can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, noted Grayshift.
When the device is unlocked, the contents of the phone are downloaded to the GrayKey device. From there, they can be accessed through a web-based interface on a connected computer and downloaded for analysis. The full, unencrypted contents of the keychain are also available for download, according to researchers.
The device appears to work with the latest iPhones and iOS version 11.2.5.
Researchers warned that while this was a boon for law enforcement if it falls into the wrong hands, it could still continue to work.
"Such a device could fetch a high price on the black market, giving thieves the ability to unlock and resell stolen phones, as well as access to the high-value data on those phones," said Thomas Reed, director of Mac & Mobile at Malwarebytes.