'GrayKey' iPhone Unlocking Box Used by Law Enforcement Shown Off in Photos

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, Mar 15, 2018.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Last week, news of a previously-unknown iPhone unlocking device called GrayKey surfaced, and today, MalwareBytes shared photos and additional information about the product, which is designed for law enforcement officials.

    Created by a company named Grayshift, GrayKey is a small, portable gray box equipped with dual Lightning cables.

    [​IMG]

    Two iPhones can be connected to the GrayKey at once, and need to be connected for about two minutes to install proprietary software that's designed to guess the passcode for an iPhone. Once the software is installed, it will work to crack the passcode, a process that can take as little as a few hours for a short passcode or several days for a longer six-digit passcode.

    Once the GrayKey software has cracked the passcode, it'll be displayed right on the screen of the iPhone. The iPhone can then be plugged back into the GrayKey to download all of the data on the iPhone, including the unencrypted contents of the Keychain, which can then be accessed using a computer.

    [​IMG]

    Based on screenshots, the GrayKey can crack modern iPhones running modern versions of iOS. It works with the iPhone X and iOS 11.2.5, the version of iOS that was likely available when the screenshots were captured. It probably also works with iOS 11.2.6, unless Apple has managed to block it in the latest operating system update.

    [​IMG]

    Grayshift presumably designed the GrayKey for law enforcement professionals, and it's relatively expensive. A $15,000 option requires internet connectivity and is geofenced to a specific location once set up, while a $30,000 option requires no internet connection and can be used anywhere.

    MalwareBytes worries that the portable version of the GrayKey could easily fall into the wrong hands. It uses two-factor authentication, but given that people "often write passwords on stickies and put them on their monitors," it's possible the token could be kept in the same location as the device.
    How the GrayKey works is not known, but it's believed to be using some sort of jailbreaking process that could damage iPhones in some way. It's also not known how the GrayKey device itself is protecting data that's stored on it, and whether or not the data could be remotely accessed by hackers.

    It's also unknown who Grayshift is selling the devices to. It's possible that sales are limited to law enforcement officials in the United States, but it's also possible that it's being offered abroad. Other devices of this type have slipped out of the hands of law enforcement and have become widely available, so the same could happen with the GrayKey.

    Apple is continually working to fix the kinds of exploits used by devices like the GrayKey, so it's possible whatever mechanism the box uses will be fixed in a future update. The average iPhone owner likely doesn't need to worry about the GrayKey, but as MalwareBytes points out, it is troublesome knowing such a device could fall into the hands of malicious entities.

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

    Article Link: 'GrayKey' iPhone Unlocking Box Used by Law Enforcement Shown Off in Photos
     
  2. thadoggfather macrumors G4

    thadoggfather

    Joined:
    Oct 1, 2007
    #2
    Some sorta Jailbreaking process huh?

    When eta for 11.2.6 jb?
     
  3. Stiss macrumors 6502a

    Joined:
    Apr 18, 2009
    Location:
    England
    #3
    Imagine buying one and one software update later it doesn't work anymore. :D
     
  4. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #4
    This can be very bad, if abused by the gubmint.
     
  5. Albright macrumors regular

    Joined:
    Aug 23, 2011
    #5
    Ah, yes, the "something to hide" fallacy.

    Apple, please do what you can to protect us from this.
     
  6. jordii macrumors regular

    Joined:
    Sep 9, 2008
    #6
    I'd been delaying upgrading to iOS 11 (breaks so many older apps) but this is a nice reminder that I better do it ASAP.
     
  7. lsutigerfan1976 macrumors 68020

    Joined:
    Sep 14, 2012
    #7
    How much is this going to set us back? And when can we preorder this?
     
  8. justperry macrumors G3

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #8
    $30.000 is peanuts for Apple, they just buy one and before you know it iOS is patched, if not already.
     
  9. exodiusprime macrumors regular

    exodiusprime

    Joined:
    Jun 24, 2010
    Location:
    Dallas, TX
    #9
    The only issue with that, jordii, is that even the latest version of iOS is susceptible to this (unless Apple does something about it):

     
  10. thadoggfather macrumors G4

    thadoggfather

    Joined:
    Oct 1, 2007
    #10
    Steve would’ve approved of the design.

    Does it just come in space grey?

    Or gold / silver too?
     
  11. aforty macrumors 65816

    aforty

    Joined:
    Nov 27, 2007
    Location:
    Brooklyn, NY
    #11
    This is why you don't use 6-digit passcodes but instead a complex alphanumeric one.
     
  12. justperry macrumors G3

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #12
    Read the article.
     
  13. WAM2 macrumors 6502a

    WAM2

    Joined:
    Jan 6, 2011
    Location:
    United States
    #13
    So unacceptable. If Apple doesn’t fix whatever they are doing to break the passcodes they will be losing a ton of trust.
     
  14. DogHouseDub macrumors 6502

    DogHouseDub

    Joined:
    Sep 19, 2007
    Location:
    SF
    #14
    "MalwareBytes worries that the portable version of the GrayKey could easily fall into the wrong hands."

    What's to worry about? That would never happen...*cough* eternalblue *cough*
     
  15. elvisimprsntr, Mar 15, 2018
    Last edited: Mar 15, 2018
  16. justperry macrumors G3

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #16
    So, when you have wet hands or dry cracked fingertips (TouchId) or FaceID refuses to open your iPhone you have input that difficult password each and every time, 6 digit should be good to go.
     
  17. Smartass macrumors 65816

    Joined:
    Dec 18, 2012
    #17
    Graygate is apon us!

    You heard it here first!
     
  18. mariusignorello macrumors 68000

    Joined:
    Jun 9, 2013
    #18
    I use 7. Just for the reason that the box to type it doesn’t give away the length of the passcode.
     
  19. linuxcooldude macrumors 68020

    Joined:
    Mar 1, 2010
    #19
    Doesn't the iPhone get locked after so many failed attempts?
     
  20. ksnell macrumors 6502a

    ksnell

    Joined:
    Aug 26, 2012
    Location:
    Texas
    #20
    Apple: "Hi yes I need to order two GrayKey's."

    GrayKey: "Okay and where are we shipping these?"

    Apple: "Cuperti--"

    GrayKey: "Click."
     
  21. barkomatic macrumors 601

    Joined:
    Aug 8, 2008
    Location:
    Manhattan
    #21
    At that price, there should at least be a stainless steel frame to match the iPhone X.
     
  22. mariusignorello macrumors 68000

    Joined:
    Jun 9, 2013
    #22
    I have it set to erase after 5. So they’d better guess wisely.
     
  23. barkomatic macrumors 601

    Joined:
    Aug 8, 2008
    Location:
    Manhattan
    #23
    As if Apple would try to acquire one that way. ;) They don't even usually buy real estate for Apple Stores directly.
     
  24. ksnell macrumors 6502a

    ksnell

    Joined:
    Aug 26, 2012
    Location:
    Texas
    #24
    Don't ruin my joke, damn you! :)
     

Share This Page

330 March 15, 2018