GrayKey iPhone unlocker could be a black market goldmine

GrayKey can bypass iPhone security. It’s supposed to be only for police but...
Photo: Ed Hardy/ Cult of Mac

More details have come to light about the GrayKey iPhone unlocker, and it turns out it’s even more likely to fall into the wrong hands than first thought.

This tool is very expensive, and is intended for use only by law enforcement, but stolen units could someday be available on the black market where they would be a goldmine for identity thieves.

Apple built security into the iPhone from the ground up. But law enforcement wants a way to unlock iOS devices in criminal investigations, something Apple refuses to cooperate with because it would require making every iPhone less secure. The F.B.I. and other police organizations can use tools like the GrayKey instead, though the head of the F.B.I. wants a better solution.

GrayKey can be stolen

Grayshift, the maker of the GrayKey hacking tool, offers it in two versions. The $15,000 one can only be used 300 times, and must be connected to a Grayshift server over the network it was first set up on. This geofencing essentially makes it useless if stolen.

The $30,000 version is far less secure. It can unlock an unlimited number of iPhones, be used on any network, and needs no connection to Grayshift. It does require authentication, but if the password is stolen along with the GrayKey hardware, the thief can use it to unlock as many iPhones as they wish.

While this version of the hacking tool comes with a hefty price tag, and a stolen one would likely sell for far more on the black market, large criminal organizations will pay. Being able to pull financial and other private data off every iPhone they steal would let them recoup the cost.

How GrayKey unlocks an iPhone

A GrayKey is a small box with two Lightning connectors, according to details leaked to Malwarebytes. An iPhone needs to be connected only briefly, but the process of determining the device’s passcode can take days, as thousands or even millions of possible passcodes are tried.

iOS tries very hard to prevent “brute-force” attacks like this, but Grayshift has found a vulnerability in the operating system. Apple will, of course, close that security hole if it can find it, rendering the GrayKey useless.

Once the device is cracked, the passcode is displayed and all the data stored on the iPhone is copied to the GrayKey, where it can then be accessed through a web interface.