The GrayKey iPhone Unlocker is an iOS hacking device marketed to law enforcement, which uses an undisclosed vulnerability to bypass iPhone disk encryption. The worrying part is that these vulnerabilities are still unpatched, meaning that another device using the same vulnerability could potentially unlock up-to-date iPhones. Apple's security updates are discussed later in the article. The GrayKey is a grey box, about 10 cm x 10 cm x 5 cm, with two Lightning cables (the USB cables used by the iPhone 10) protruding from the front. Two iPhones can be connected at one time, and they need only be connected for about 2 minutes; they can then be disconnected while the cracking continues. As with all brute-force methods, the amount of time varies. One demonstration to law enforcement took only 2 hours according to Malwarebytes, and it can take up to 3 days for 6-digit passcodes; the time for longer ones is not mentioned. The contents of the phone are then downloaded to the GrayKey, which is accessed from a computer through a web app, and the contents of the phone, including the full, unencrypted keychain, are downloadable.
A close up of the GrayKey Device from Grayshift
The company that created the GrayKey, Grayshift, has fewer than 50 employees, one of whom is a former Apple security engineer. The GrayKey works on the latest iOS and hardware, which is somewhat unnerving; however, it is only being sold to law enforcement agencies, to be used in-house, so the risk is minimal. The vulnerability is also soon to be mitigated in an iOS update, and the GrayKey device requires either $15,000 (USD) and an internet connection (it is geofenced so it can only be used on the one network), or the $30,000 version, which requires no internet connection but employs two-step authentication, making use by thieves unlikely. So far, it is only confirmed to have been sold in the US, as can be seen by this map, but common sense suggests it will likely be adopted to some degree in other countries like Australia.
Still, such fears are not entirely unfounded. An older cracking tool for iOS 8.2 called IP-Box 2 demonstrates this. It quickly became widely available and was used almost exclusively illicitly. The devices are still widely available and can be bought on a variety of websites, including Amazon.
The GrayKey web-based dashboard, successfully cracking the latest iOS and hardware.
Apple reports it is aiming to protect all customers, given the risk in countries where phones are readily obtained by police or by criminals with extensive resources, as well as to prevent others from exploiting the vulnerability. The expected update will change default settings in iOS, cutting off data communication through the USB port when the phone has not been unlocked in the past hour. This port is how machines built by companies such as Grayshift, and others such as Cellebrite, get around the security settings that limit how many passcode guesses can be made before the device locks up and erases all data. They will now only be able to run code through the port in the hour after the iPhone is unlocked. This is not enough time to brute-force a passcode in most cases, and in any case, once the update is enabled the phone must be unlocked immediately before being plugged into the device.