Grayshift's $15,000 GrayKey promises to unlock Apple iPhones

Security researchers warn over pocket-sized device that can unlock encrypted iOS devices

iPhone 8

A new pocket-sized device that promises to unlock Apple iPhones has raised concerns over privacy consequences.

Called GrayKey, the box is claimed to be able to unlock iPhones without needing to enter a passcode. US-based firm Grayshift is selling the devices for $15,000 for 300 attempts to unlock devices, or $30,000 for unlimited attempts.

According to a blog post by researchers at cyber security company Malwarebytes, the device is four inches wide by four inches deep, and two inches tall, with two lightning cables sticking out of the front. The device is aimed at law enforcement officials and labs.

Researchers said that an anonymous source told them that two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked.

"Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source," said researchers.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

They added that it can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, noted Grayshift.

When the device is unlocked, the contents of the phone are downloaded to the GrayKey device. From there, they can be accessed through a web-based interface on a connected computer and downloaded for analysis. The full, unencrypted contents of the keychain are also available for download, according to researchers.

The device appears to work with the latest iPhones and iOS version 11.2.5.

Researchers warned that while this was a boon for law enforcement if it falls into the wrong hands, it could still continue to work.

"Such a device could fetch a high price on the black market, giving thieves the ability to unlock and resell stolen phones, as well as access to the high-value data on those phones," said Thomas Reed, director of Mac & Mobile at Malwarebytes.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020