Maker of 'GrayKey' iPhone Unlocking Box Suffers 'Brief' Data Breach, Receives Money Demands

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, Apr 24, 2018.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1

    Grayshift, the company that makes the GrayKey iPhone unlocking boxes that have been sold to multiple law enforcement agencies across the United States, recently suffered a data breach that allowed hackers to access a small portion of the GrayKey code, reports VICE's Motherboard.

    Last week, unknown hackers leaked portions of the GrayKey code and demanded two bitcoin from Grayshift with the threat of additional data being leaked. According to Motherboard, the code in question "does not appear to be particularly sensitive," but Grayshift did confirm that a "brief" data leak had occurred.
    Grayshift says that no sensitive IP or data was exposed, and Motherboard confirms that the leaked code appears to be related to the user interface that displays messages on the GrayKey, but it's clear that Grayshift security is not airtight, raising questions about what kind of data might be accessible to hackers.

    The GrayKey is a small, portable gray box equipped with dual Lightning cables. An iPhone is plugged into one of the cables to install proprietary software that's able to guess the passcode to an iPhone in as little as a few hours to a few days, based on the strength of the passcode.

    GrayKey, which is priced starting at $15,000, can crack the latest iPhones running modern versions of iOS, including iOS 11. While the box is designed to provide law enforcement officials with easy access to locked iPhones for criminal investigations, there have been fears that the GrayKey technology could fall into the wrong hands.

    The box has been sold to multiple law enforcement agencies across the country, and the data breach that Grayshift suffered, however inconsequential, is not at all reassuring for those who are worried about the security of the GrayKey boxes. The underlying functionality that allows the GrayKey to crack iPhones could be discovered and replicated, and the GrayKey boxes themselves are said to download data from cracked iPhones, which could also be at risk in a data breach.

    According to Motherboard, Grayshift has not paid the extortionists their two-bitcoin fee, as the Bitcoin addresses provided have received no funds. An additional Bitcoin address promising to provide interested parties with GrayKey information has also not received funds.

    Grayshift says that "changes" have been made to help customers prevent unauthorized access to GrayKey boxes in the future, but Motherboard discovered another exposed GrayKey device broadcasting similar code.
    The technology used for the GrayKey will likely be outdated at some point through updates to the iOS operating system, but as far as we know now, it's still functional for even the latest versions of iOS and the newest iOS devices, including the iPhone X.

    Those worried about GrayKey and similar technologies can implement stronger and more secure passcodes and passwords that are more difficult to guess through brute forcing to prevent these kinds of tools from working. A 6-digit numeric passcode, Apple's default, can be guessed in as little as 11 hours, but an 8-digit numeric code can take over a month, while a 10-digit numeric code can take years.

    Security experts recommend alphanumeric passcodes that are at least seven characters long with numbers, upper and lowercase letters, and symbols included. The longer the password, the more secure it is from GrayKey-style guessing methods. For more information on Grayshift's data breach, check out Motherboard's full report.

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

    Article Link: Maker of 'GrayKey' iPhone Unlocking Box Suffers 'Brief' Data Breach, Receives Money Demands
     
  2. Andres Cantu macrumors 68030

    Andres Cantu

    Joined:
    May 31, 2015
    Location:
    Rio Grande Valley in South Texas
    #2
    I'd say ironic, but any company gets hacked these days.
     
  3. rictus007 macrumors regular

    Joined:
    Oct 12, 2011
    #3
    That’s exactly why the iPhone, et al... should not have a back door
     
  4. DVNIEL macrumors 6502a

    DVNIEL

    Joined:
    Oct 28, 2003
    Location:
    California
    #4
    Hahaha they held them for ransom for two bitcoins?
     
  5. BittenApple macrumors 6502a

    BittenApple

    Joined:
    Nov 29, 2008
  6. -Garry- macrumors 6502a

    -Garry-

    Joined:
    Oct 23, 2005
    Location:
    Manchester, UK
    #6
    Yes. Very few companies would (or could) pay hundreds of thousands or millions of dollars like they do in the movies.

    Instead you hit a lot of smaller companies and ask for a relatively small sum. Much more effective in the real world.
     
  7. mejsric macrumors 6502a

    mejsric

    Joined:
    Mar 28, 2013
    #7
    That's the first bait, next will be another leakage for 5 bitcoins and so on.
     
  8. tooloud10 macrumors 6502

    Joined:
    Aug 14, 2012
    #8
    This is far beyond irony or karma, this is exactly what we've been screaming the warnings about for years now about why backdoors are an incredibly bad idea.
     
  9. Wags macrumors 6502a

    Joined:
    Mar 5, 2006
    Location:
    Nebraska, USA
  10. DeepIn2U macrumors 603

    DeepIn2U

    Joined:
    May 30, 2002
    Location:
    Toronto, Ontario, Canada
    #10
    The Mac & iOS community strikes back!!
     
  11. DNichter macrumors 604

    DNichter

    Joined:
    Apr 27, 2015
    Location:
    Philadelphia, PA
    #11
    Bummer for those affected, but kind of amusing either way. I am on Apple’s side with this topic.
     
  12. DeepIn2U macrumors 603

    DeepIn2U

    Joined:
    May 30, 2002
    Location:
    Toronto, Ontario, Canada
    #12
    The Empire's warning and wrath are felt throughout the empire.
     
  13. jav6454 macrumors P6

    jav6454

    Joined:
    Nov 14, 2007
    Location:
    1 Geostationary Tower Plaza
    #13
    More like someone with good abilities looking for a quick penny.
     
  14. Tech198 macrumors G5

    Joined:
    Mar 21, 2011
    Location:
    Australia, Perth
    #14
    lol... better than no ransom at all
     
  15. redneckitengineer macrumors regular

    redneckitengineer

    Joined:
    Oct 27, 2017
    Location:
    Tennessee
    #15
    I wish someone had hacked the whole thing and demanded a king's ransom.
     
  16. HiRez macrumors 603

    HiRez

    Joined:
    Jan 6, 2004
    Location:
    Western US
    #16
    Sure, let's build a "secure" government back door into all customer data and communications, what could go wrong?
     
  17. lkrupp macrumors 6502a

    Joined:
    Jul 24, 2004
    #17
    Oh, and this technology will be exclusive to law enforcement and will never get in the hands of bad actors. Right.
     
  18. Quu macrumors 68030

    Quu

    Joined:
    Apr 2, 2007
    #18
    This is exactly why Tim Cook said you shouldn't build back-doors into products. Hackers will get at those back-doors one way or another.
     
  19. usarioclave macrumors 65816

    Joined:
    Sep 26, 2003
    #19
    This is dumb. Someone did a ‘view source’ on the GrayKey UI. That’s not a data breach or any kind of security issue.
     
  20. gaximus macrumors 6502a

    Joined:
    Oct 11, 2011
    #20
    Exactly what I came to say.
     
  21. Shadow%20Mac macrumors 6502

    Joined:
    Dec 28, 2007
    Location:
    California
    #21
    Wow. It's almost like the existence and sale of this product was a catastrophically terrible idea. Or something ridiculous like that.
     
  22. fairuz, Apr 24, 2018
    Last edited: Apr 24, 2018

    fairuz macrumors 68000

    fairuz

    Joined:
    Aug 27, 2017
    Location:
    San Jose and Berkeley, CA
    #22
    Doesn't seem like they'll pay it. It wasn't sensitive. Also, if they pay, everyone sees that they paid, which would look bad.
    --- Post Merged, Apr 24, 2018 ---
    It's funny, but it doesn't have much to do with the product. The only terrible idea is the existence of Apple's security vulnerability.
     
  23. macsba macrumors 6502

    Joined:
    Jan 5, 2015
    Location:
    Next to my Mac.
    #23
    Time to get the bottle of fine wine out.
     
  24. fairuz, Apr 24, 2018
    Last edited: Apr 24, 2018

    fairuz macrumors 68000

    fairuz

    Joined:
    Aug 27, 2017
    Location:
    San Jose and Berkeley, CA
    #24
    It's not a backdoor, and the vulnerability has nothing to do with the government. Apple screwed up.
     
  25. robjulo macrumors 65816

    Joined:
    Jul 16, 2010
    #25
    You mean the company that has left their product open to this vulnerability in the first place?

     
