Grayshift's $15,000 GrayKey promises to unlock Apple iPhones

Security researchers warn over pocket-sized device that can unlock encrypted iOS devices

iPhone 8

A new pocket-sized device that promises to unlock Apple iPhones has raised concerns over privacy consequences.

Called GrayKey, the box is claimed to be able to unlock iPhones without needing to enter a passcode. US-based firm Grayshift is selling the devices for $15,000 for 300 attempts to unlock devices, or $30,000 for unlimited attempts.

According to a blog post by researchers at cyber security company Malwarebytes, the device is four inches wide by four inches deep, and two inches tall, with two lightning cables sticking out of the front. The device is aimed at law enforcement officials and labs.

Researchers said that an anonymous source told them that two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked.

"Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source," said researchers.

Advertisement
Advertisement - Article continues below

They added that it can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, noted Grayshift.

When the device is unlocked, the contents of the phone are downloaded to the GrayKey device. From there, they can be accessed through a web-based interface on a connected computer and downloaded for analysis. The full, unencrypted contents of the keychain are also available for download, according to researchers.

The device appears to work with the latest iPhones and iOS version 11.2.5.

Researchers warned that while this was a boon for law enforcement if it falls into the wrong hands, it could still continue to work.

"Such a device could fetch a high price on the black market, giving thieves the ability to unlock and resell stolen phones, as well as access to the high-value data on those phones," said Thomas Reed, director of Mac & Mobile at Malwarebytes.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019