Grayshift's $15,000 GrayKey promises to unlock Apple iPhones

Security researchers warn over pocket-sized device that can unlock encrypted iOS devices

iPhone 8

A new pocket-sized device that promises to unlock Apple iPhones has raised concerns over privacy consequences.

Called GrayKey, the box is claimed to be able to unlock iPhones without needing to enter a passcode. US-based firm Grayshift is selling the devices for $15,000 for 300 attempts to unlock devices, or $30,000 for unlimited attempts.

Advertisement - Article continues below

According to a blog post by researchers at cyber security company Malwarebytes, the device is four inches wide by four inches deep, and two inches tall, with two lightning cables sticking out of the front. The device is aimed at law enforcement officials and labs.

Researchers said that an anonymous source told them that two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked.

"Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source," said researchers.

They added that it can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, noted Grayshift.

When the device is unlocked, the contents of the phone are downloaded to the GrayKey device. From there, they can be accessed through a web-based interface on a connected computer and downloaded for analysis. The full, unencrypted contents of the keychain are also available for download, according to researchers.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The device appears to work with the latest iPhones and iOS version 11.2.5.

Researchers warned that while this was a boon for law enforcement if it falls into the wrong hands, it could still continue to work.

"Such a device could fetch a high price on the black market, giving thieves the ability to unlock and resell stolen phones, as well as access to the high-value data on those phones," said Thomas Reed, director of Mac & Mobile at Malwarebytes.

Advertisement

Recommended

Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020
Visit/security/internet-security/355228/mozilla-fixes-two-firefox-zero-days-being-actively-exploited
internet security

Mozilla fixes two Firefox zero-days being actively exploited

6 Apr 2020

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020