A sophisticated iPhone unlocker device named GrayKey is being used frequently by law enforcement authorities in the United States to hack into devices owned by suspected criminals, thereby defeating Apple's intent to secure the privacy of millions of iPhone users.
GrayKey can be used to unlock even the latest iPhone X and help users of the device access details like "account credentials, names and phone numbers, email messages, text messages, banking account information, even credit card numbers or social security numbers stored in targeted iPhones", according to security experts at Malwarebytes Labs.
Is the FBI using GrayKey devices to unlock iPhones?
Exactly two years ago, the FBI announced that it had managed to hack into an iPhone owned by a suspect accused of shooting innocent people in San Bernardino. The success came after a months-long bitter feud between the agency and Apple, which refused to help the FBI unlock the iPhone or create a backdoor to help authorities gain access to the suspect's iPhone 5c.
Following the FBI's announcement, it was reported that the agency probably received help from the Israeli cyber security firm Cellebrite. Although it was later confirmed that Cellebrite did provide iPhone unlocking services at $5,000 per device, law enforcement authorities are now using a new device created by a lesser-known firm called Grayshift.
According to Malwarebytes Labs, a new iPhone unlocking device named GrayKey arrived in 2016, but researchers found it hard to analyze the device because its creator's website was "protected by a portal that screens for law enforcement affiliation". GrayKey is now being offered for in-house use at law enforcement offices or labs, but it is not clear how many devices have been sold to law enforcement agencies like the FBI or how frequently they are being used.
How does a GrayKey work?
Malwarebytes Labs has explained in detail how a GrayKey device works:
"GrayKey is a gray box, four inches wide by four inches deep by two inches tall, with two lightning cables sticking out of the front. Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked. Some time later, the phones will display a black screen with the passcode, among other information.
"The exact length of time varies, taking about two hours in the observations of our source. It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, according to Grayshift.
"After the device is unlocked, the full contents of the filesystem are downloaded to the GrayKey device. From there, they can be accessed through a web-based interface on a connected computer, and downloaded for analysis. The full, unencrypted contents of the keychain are also available for download."
The firm added that Grayshift is now offering GrayKey in two price plans. A cheaper $15,000 plan requires Internet connectivity and can only be used on one network at a time. The premium $30,000 option, however, requires no Internet connection and can be used to unlock an unlimited number of iPhones. It also keeps working for as long as the vulnerability it exploits remains unpatched by Apple.
Should you be concerned?
The researchers fear that if the premium model of GrayKey finds its way into the hands of hackers and those not having any links to law enforcement, it could give cyber criminals "the ability to unlock and resell stolen phones, as well as access to the high-value data on those phones".
They also expressed concern over whether GrayKey devices are properly secured, whether they can be remotely accessed, whether data could be intercepted in transit, or if phone data stored in the devices are strongly encrypted. If not, cyber criminals could easily hack into GrayKey devices and obtain a lot of information about iPhone owners without having to steal their iPhones themselves.
"Little is known about Grayshift or its sales model at this point. We don’t know whether sales are limited to US law enforcement, or if it is also selling in other parts of the world. Regardless of that, it’s highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime, whether directly from Grayshift or indirectly through the black market.
It’s also entirely possible, based on the history of the IP-Box, that Grayshift devices will end up being available to anyone who wants them and can find a way to purchase them, perhaps by being reverse-engineered and reproduced by an enterprising hacker, then sold for a couple hundred bucks on eBay," they added.