GrayKey: Police Get Legal iPhone Hacking Tool

You Should Be Afraid Of This Box.. iPhone SE 2 Leaked? Apple News [Video]

Video uploaded by EverythingApplePro E A P on March 15, 2018

GrayKey: The U.S. Police Now Have a Legal iPhone Hacking Tool

A new device called GrayKey costs $15,000 and can easily hack iPhones’ passcodes, a small Atlanta company promises.

The Grayshift company sprang out of nowhere and striked a deal with law enforcement divisions from the start. The deal was kept hush until “Forbes” discovered its details, and released it to the public. The site zdnet.com managed to identify one of the Grayshift members on LinkedIn as Braden Thomas who worked as an Apple security engineer for six years since 2006.

We tried Linkedin as well and managed to find just one member listed: David Miles, who positions himself as a Cyber Security Entrepreneur. With his background in IBM Internet Security System, Endgame and Optive he must have had a lot of experience in cyber security.

His new company though, is very seclusive. You have to fill out a form to get access to the Grayshift site. This form asks for your job info, address of company you work for, website, as well as email. Not exactly like enrolling in the CIA, but very close to it.

The device that Grayshift offers, betrays nothing of its origin and looks pretty innocent. It basically looks like a palm-size gray plastic box one can easily mix up with a set top box or an external hard drive. Thomas Reed in the Malwarebytes Blog described the process of hacking as follows.

The GrayKey box has two Lightning cables and can connect one or two iPhones at once for two minutes.

Once disconnected from the device, the phones will display a black screen with their passcode and other information. As you can see, it’s pretty simple. The source says, it takes the phone from two hours up to three days to display the passcode (for six-digit passwords). These periods of time are mentioned in the Grayshift documentation but the time for longer passcodes isn’t specified. The GrayKey allegedly can unlock disabled phones as well.

Introducing GrayKey. Image from Grayshift website.

After a successful unlock, phone content is then downloaded to the GrayKey again. The box continues to serve as a mediator. The only way to download both the encrypted and non-encrypted content is through a web based interface on a connected computer.

The fifteen thousand dollars worth device is geofenced, or in other words, set up to work within a specific network only. It cannot be reached from outside the police network.

The principles behind the GrayKey box are still unknown. They can be similar to those of the Israeli based company Cellebrite or to the algorithms suggested by professor Skorobogatov from Cambridge University. As you may remember, Skorobogatov hacked the Apple passwords retry limitation, making the number of deciphering attempts infinite. He had to disassemble the iPhone and use a DIY hardware contraption to do this. With GrayKey no disassembling is needed.

Grayshift also suggests the $30 000 standalone decryption equipment that can connect any number of iPhones.

The police and FBI have been dreaming of getting reliable iOS forensic tools for a while now. As the case of San-Bernardino shooter showed, Apple is not going to betray their clients’ trust in the security of i-devices. Senior FBI forensic examiner Stephen R. Flatley cracked down the Cupertino company for creating a fault-proof iOS decryption system and used the words ‘evil geniuses’ to describe his vision of the situation.

Under these circumstances the GrayKey is a windfall. The police of Indiana and New York city reportedly bought several forensic devices. If they prove to be reliable and working, there will be more of them coming. We at iGotOffer, think that this is very bad news for iPhone users all around the world. Sooner or later, but probably, sooner than later, the Grayshift technology will find way to the authoritative countries where it can become a tool of oppression for unscrupulous governments, as well as criminals.

Apple hasn’t commented on the matter yet. Surely, the security engineering department in Cupertino is facing a great challenge: they have to retro-engineer the hacking technology and upgrade their own encryption algorithm.

Update: We reached out to the Malwarebytes team and they kindly agreed to answer a few questions to shed the light on some details. Stay tuned!

Links

• GrayKey Device ‘Can Unlock Latest iPhones’ – Silicon UK.
• Disk Security: How To Encrypt Your Mac With FileVault – iGotOffer.
• Sell your iPhone online for the best price – iGotOffer.
• Check IMEI – Trying to check IMEI/MEID/ESN for iPhone, iPad, cell Phone, tablet or any other device? You can find complete IMEI history on iGotOffer’s website. We update the database every day. The access is free.
• iCloud Check – You don’t know if your “Find My iPhone” status is ON or OFF? Visit iGotOffer.com to get instantly all the information. All Apple devices with IMEI number are supported (iPhone, iPad, Apple Watch).
• Everything About Apple’s Products – The complete guide to all Apple consumer electronic products, including technical specifications, identifiers and other valuable information.