Mysterious 'GrayKey' Device Reveals Your iPhone Passcode to Law Enforcement [Photos]
Posted March 16, 2018 at 3:29am by iClarified
Photos have surfaced of a mysterious 'GrayKey' device that can reveal your iPhone passcode to law enforcement agencies in just a few hours.
News of the device, which claims to be able to unlock pretty much any modern iPhone, first surfaced a couple of weeks ago. Forbes reported that various police and forensics groups were offered access to the unlocking tool. For $15,000 the device permits 300 uses in an online mode requiring constant connectivity. For $30,000, the device works offline with unlimited uses. The GrayKey box is being sold by Grayshift, a company which appears to be run by an ex-Apple security engineer and long-time U.S. intelligence agency contractors.
Today, Malwarebytes posted the first photo of the device along with an explanation of how it's used. The device itself is about 4"x4"x2" with two Lightning cables sticking out of the front.
Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked. Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source. It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, according to Grayshift.
Once the device is unlocked, the full contents of its filesystem are downloaded to the GrayKey device. From there, they can be accessed via a web interface on a connected computer and downloaded for further analysis. The full unencrypted contents of the keychain can also be downloaded.
Since Grayshift is allowing agencies to purchase an offline model of the device, it's just a matter of time until it falls into the wrong hands, if it hasn't already. This is a major security concern for all iOS users as it renders most passcodes useless.
Apple has yet to comment on the device. Presumably, if it gets a hold of the GrayKey box, the vulnerability could be patched with a software update.
To me it's very wrong for this idea; the reason is that the thieves out there will now start stealing our iPhones more and more, which is unfair. So think twice.....
I want one. Jokes aside, if you have something to hide, stop using 4-6 digit passwords. Use an alphabetical, numerical and symbolic password that's 10 characters at minimum. It will take that thing years to crack. Alright, who has one for $40k ready to spend some money.
When you Change Passcode, tap on Passcode Options and choose Custom Alphanumeric Code and use 6-8 long alphanumeric characters as your passcode. Use a different passcode for iCloud and your iPhone.
Probably in offline mode the device can be rendered useless by Apple via software update on the phones (which takes time to propagate), but in online mode the device can be updated too. Let the race begin!
Law enforcement uses this? I would think criminals with stolen iDevices would use it. What happened to the 4th Amendment? Make sure you set the option to wipe after 10 failed pins...
“Vulnerability”. This is obviously the wrong word choice, as this guy was claimed to be an ex-Apple security engineer and also a government contractor. This was a built entrance by someone who understands/built the component being used.
Guess there will never be a next time since that one time in 2015 where the guy needed to unlock his iPhone for evidence within it but refused to and was held hostage until then.