Shadowy startup offers to unlock iPhone X for Feds

Mysterious outfit Grayshift says it can unlock iPhone and iPad.
Photo: Kaique Rocha/Pexels CC

Using a strong passcode makes an iPhone very secure, but two companies are now offering to unlock the devices. For a hefty price, of course.

Israeli company Cellebrite has been in the business of unlocking iOS devices for some time, but it stays quite secretive about its business. Today, however, plenty of details on a new rival called Grayshift came to light.

iPhone locked down hard

Putting a passcode onto an iPhone or iPad encrypts everything on the device. That means simple physical access to the iOS device does not allow a potential hacker to read its contents. And owners can configure the device to erase itself after 10 unsuccessful password attempts.

But law enforcement and espionage agencies want to read the contents of Apple devices. Grayshift recently began offering an application to unlock iPhones or iPads that starts at $15,000. The company’s marketing materials leaked to Forbes, giving a rare glimpse inside this secretive world of iPhone hackers.

Unlock almost any iPhone and iPad

Grayshift’s tool, called GrayKey, reportedly can unlock any iOS 11 or iOS 10 device, including every handset since the iPhone 5s and every tablet since the iPad Air.

The basic $15,000 app is good for 300 unlocks, or $50 for each use. For $30,000, Grayshift will allow unlimited uses.

That makes this company’s business model somewhat different from that of Cellebrite, which requires every Apple device be sent to its lab to be unlocked. How much Cellebrite charges to unlock a phone isn’t publicly known.

But there are similarities. Neither company can remotely hack an iPhone or iPad. The person doing the unlocking must have physical access to the device.

How GrayKey works isn’t explained by the company’s marketing materials, but the documents do say the software “prioritizes common and date-based passcodes” and “supports 4-digit, 6-digit, and complex passcodes.” This indicates that it uses a brute-force method, trying a long succession of codes until one proves successful. That makes it likely that the software’s major feature is that it can disable the iOS limit on the number of passcode attempts allowed.
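The claim that the tool “prioritizes common and date-based passcodes” is a reason to audit which passcodes fall into those groups. The following is an added example, not code from Grayshift or from this article; the `COMMON` sample and the date layouts checked are assumptions chosen for illustration.

```python
from datetime import date

# Assumed sample of frequently chosen PINs (constructed, not from the article).
COMMON = {"1234", "0000", "1111", "123456", "000000", "111111", "121212", "654321"}

def _valid(y, m, d):
    """True if (y, m, d) is a real calendar date."""
    try:
        date(y, m, d)
        return True
    except ValueError:
        return False

def looks_like_date(code):
    """True if a 4- or 6-digit code reads as a date in an assumed common layout."""
    if not code.isdigit():
        return False
    if len(code) == 4:
        a, b = int(code[:2]), int(code[2:])
        # MMDD or DDMM (leap year 2000 so 29 Feb counts), or a year 1900-2099.
        return _valid(2000, a, b) or _valid(2000, b, a) or 1900 <= int(code) <= 2099
    if len(code) == 6:
        a, b, c = int(code[:2]), int(code[2:4]), int(code[4:])
        # MMDDYY, DDMMYY or YYMMDD; two-digit years are mapped to 20YY.
        return (_valid(2000 + c, a, b) or _valid(2000 + c, b, a)
                or _valid(2000 + a, b, c))
    return False

def audit(code):
    """Return the reasons a passcode falls in the groups the article names."""
    reasons = []
    if code in COMMON:
        reasons.append("common")
    if code.isdigit() and len(set(code)) == 1:
        reasons.append("repeated digit")
    if looks_like_date(code):
        reasons.append("date-like")
    return reasons

def date_like_fraction(length):
    """Share of all numeric codes of this length that read as a date."""
    total = 10 ** length
    hits = sum(looks_like_date(str(n).zfill(length)) for n in range(total))
    return hits / total

if __name__ == "__main__":
    for sample in ("1234", "251284", "839275"):  # constructed sample passcodes
        print(sample, audit(sample) or "no finding")
    print("4-digit codes that read as dates:", date_like_fraction(4))
```

A passcode with no finding here is not thereby strong; the check only shows how small the date-shaped share of the numeric keyspace is, which is why a longer alphanumeric passcode is the safer choice.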

A risky business

Both Grayshift and Cellebrite depend on flaws they’ve found in iOS security that have not yet been discovered (or at least fixed) by Apple. Any new version of the operating system could close these holes, breaking the unlock tools.

Apple is actively trying to do this, of course. GrayKey may be the first to become useless, as it’s quite possible Apple will get access to this application and puzzle out how it works. Cellebrite’s policy of performing all unlocks itself makes it harder on Apple’s developers.