Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Maker of 'GrayKey' iPhone Unlocking Box Suffers 'Brief' Data Breach, Receives Money Demands
- Thread starter MacRumors
- Start date
- Sort by reaction score
While I totally agree, there will always be back doors. If it connects to the internet it can be hacked. Even the hack machines can get hacked.
I just want Apple to fix this bug so the stupid boxes become expensive paperweights.
Users have a right to privacy.
Users have a right to privacy.
Gee, a company that creates a device to STEAL user data (breaching privacy) had THEIR privacy invaded? Let me cry a river for these criminals.... 
There is no way I’m doing this. Not on an iPhone X. I’d have done this with Touch ID but Face ID isn’t good enough yet. I’d have to be inputting this more complex password so many times during the day. Like every time my iPhone X is flat on my desk and I want to check something real quick. Or every time it doesn’t recognize my face, which is a few times per day. Having to input both alphabet cases, numbers, and symbols each time I need to unlock would be awful. I already hate having to tap out a simple six digit code on the large keypad!
how many "brown Key" boxes are they going to sell now
My guess is a lot, because government agencies are stupid and love to waste tax dollars.
It seems all that leaked was a GUI, and not the code that does the actual exploit or brute-force attack. I think some posters in this thread are making it out to be more serious than it actually is, though it raises some questions about the security of these devices and the company behind them.
Hopefully Apple can find and patch whatever method of access is allowing these devices to brute-force the passcode, even if it must be done at the hardware level.
They should be hacked to hell. You want to grow up and join the scumbag career path this is what you get.
You know, when you see that message about entering your passcode you can often just hit cancel and try Face ID again. I only enter my passcode the once a week required by Apple for the most part. There is no reason you should be having to enter your passcode that often unless you are doing something very odd.
Look here, I hacked apple, look how it says secure and I have the code, oh dear, Apple's in trouble now! I want at least 2000 bitcoin to not release all data.
Or not. Wow, some idiot found a graykey over the internet and copied some UI code and tried to make a buck. Well, no, they didn't fall for that.
Code:
{"meta":{"l":["/shoppingCart"],"h":{"x-aos-stk":"96f607a8"}},"abs":{"BagBanner":{"b":{"bag-banner":{"id":{"op":"ADD","args":[{"get":"d.id"},"-bag-banner"]},"key":"d.bag-banner","events":[{"on":"load","delay":50,"do":[{"set":"d._visible","to":true}]}]}},"v":[{"id":{"get":"d.id"},"template":"{{#deliveryMessageBannerEnabled}} <div class=\"box--white box--is-rounded box--has-shadow ph10 pv10 mb8\">\n\t<div class=\"icon-shipping as-purchaseinfo-availabilityicons\" style=\"padding: 17px 0 17px 14px;\">\n\t\t<span>\n\t\t\t<img src=\"https://store.storeimages.cdn-apple.com/4974/as-images.apple.com/is/image/AppleInc/aos/published/images/d/el/delivery/message/delivery-message-banner?wid=19&hei=21&fmt=png-alpha&.v=1515024377276\" alt=\"Shipping Information\" width=\"19\" height=\"21\" data-scale-params-2=\"wid=38&hei=42&fmt=png-alpha&.v=1515024377276\" style=\"vertical-align: middle;padding-right: 7px;\" class=\"ir\" /> \n\t\t</span>\n\t\t<span style=\"display: inline-block;vertical-align: middle;max-width: 96%;font-family: 'Myriad Set Pro', 'Helvetica Neue', Helvetica, Arial, sans-serif;font-size: 14px;line-height: 24px;\">\n\t\t\tFree delivery and free returns.\n\t\t</span>\n </div>\n</div> {{/deliveryMessageBannerEnabled}}"}]}},"shoppingCart":{"d":{"metricId":"db46a1e79fee541c03f194bc9ea7f524","signInEvar1":"Bag | Sign in | ","evar1":"Bag | Continue shopping | ","shopAccessoriesLinkDisplay":"Shop Accessories","automationData":"bagshopaccessorieslink","signInUrl":"https://secure1.store.apple.com/shop/sign_in?c=aHR0cHM6Ly93d3cuYXBwbGUuY29tL3Nob3AvYmFnfDFhb3NjY2QxZjg4ZGZjYjY4YWRhNWZmMmY5ZTY5YWMzNjE0OTYyMjZlOWMz&r=SCDHYHP7CY4H9XK2H&s=aHR0cHM6Ly93d3cuYXBwbGUuY29tL3Nob3AvYmFnfDFhb3NjY2QxZjg4ZGZjYjY4YWRhNWZmMmY5ZTY5YWMzNjE0OTYyMjZlOWMz&t=S99KKATD9FP9FHCP4","hasItems":false,"id":"cart","shopAccessoriesLink":"/shop/accessories/all-accessories","signInMetricId":"a4ac010036a748bc915371440f979586","accessoriesEvar1":"Bag | Shop Accessories |Or not. Wow, some idiot found a graykey over the internet and copied some UI code and tried to make a buck. Well, no, they didn't fall for that.
This is exactly why Apple refused to build code/a master key that would allow access to any iPhone: they mentioned specifically that once such a thing is done, it will become a huge target and will eventually be leaked, stolen, compromised, etc.
Last edited:
My point was how easily things are hacked, giving the government keys only increases the chances of everyone's data being breached. That doesn't mean it can't happen without it, but it makes it worse.
All Apple need to do to thwart this box is make the recommended passcode default entry alphanumeric and a minimum of 8 characters long. That will potentially increase the time to brute force passwords and decrease the worth of this hack device.
My passcode is currently 18 characters long which doesn’t cause me any inconvenience as I very rarely have to input it on my iPhone X apart from after I reboot for updates.
My passcode is currently 18 characters long which doesn’t cause me any inconvenience as I very rarely have to input it on my iPhone X apart from after I reboot for updates.
I would do a complex password either way. My Mac has a 23-character password, and I type it a few times today, if MacID does not work well/as expected.
Don't you know the government is impenetrable? The Donald will keep it under lock and key in his desk. You're safe.
It is functionally indistinguishable from a backdoor. It is essentially a backdoor Apple built unintentionally into iOS/iPhone that was so far only available to government agencies. Until one of the parties which had the 'key' to this backdoor got hacked ...
Last edited:
It’s not that this revealed any data but that these devices are vulnerable to being hacked with ease. Especially if they are targeted.
This is a big deal as it potentially allows the method used to be stolen by a malicious actor for nefarious uses. Though how much more nefarious you can get than law enforcement is debatable.
You're right (for the first part of your statement), but it's exactly the example needed to show why the backdoor that government agency's have been asking for is a very bad idea.
It''s not quite as simple as that. It's an arms race. This isn't an simple bug in the code, it's a sophisticated exploit, that will take some very bright minds to figure out how it's been achieved and then to redesign the code to mitigate against it. Allowing root access to macOS without a password was a bug that should have never slipped past Apple. This is something else. It's difficult to mitigate against something, when you don't know how it's being achieved.
That's why Apple should never have any "backdoors" exposed to Governmental Agency.