New GrayKey iPhone unlocker poses serious concerns

Spread the love

GrayKey iPhone unlocker poses serious security concerns

iPhone unlocker poses serious security concerns

Ever since the case of the GrayKey San Bernadino

shooter pitted Apple against the FBI

over the unlocking of an iPhone, opinions have been

split on providing backdoor

access to the iPhone for law enforcement. Some felt

that Apple was aiding and

abetting a felony by refusing to create a special version

of iOS with a backdoor

for accessing the phone’s data. Others believed that it’s impossible to give backdoor

access to law enforcement without threatening the

security of law-abiding citizens.

In an interesting twist, the battle ended with the

FBI dropping the case after finding a

third party who could help. At the time, it was theorized

that the third party was Cellebrite.

Since then it has become known that Cellebrite— an

Israeli company—does provide iPhone

unlocking services to law enforcement agencies.

Cellebrite, through means currently unknown, provides

these services at $5,000 per device,

and for the most part, this involves sending the phones to a Cellebrite facility.

(Recently, Cellebrite has begun providing in-house unlocking


but those services are protected heavily by non-disclosure agreements, so little is known about them.)

It is theorized, and highly likely, that Cellebrite knows of one or more iOS

vulnerabilities that allow them to access the devices.

In late 2017, word of a new iPhone unlocker device started to circulate: a device called GrayKey,

made by a company named Grayshift. Based in Atlanta, Georgia, Grayshift was founded in 2016

and is a privately-held company with fewer than 50 employees. Little was known publicly about

this device—or even whether it was a device or a service—until recently, as the GrayKey website

is protected by a portal that screens for law enforcement affiliation.

According to Forbes, the GrayKey iPhone unlocker device is marketed for in-house use at law

enforcement offices or labs. This is drastically different from Cellebrite’s overall business

model, in that it puts complete control of the process in the hands of law enforcement.

Thanks to an anonymous source, we now know what this mysterious device looks like,

and how it works. And while technology is a good thing for law enforcement,

it presents some significant security risks.

How it works

GrayKey is a gray box, four inches wide by four inches deep by two inches tall,

with two lightning cables sticking out of the front.

New GrayKey iPhone unlocker poses serious concerns

Two iPhones can be connected at one time, and are connected for about two minutes.

After that, they are disconnected from the device but are not yet cracked.

Sometime later, the phones will display a black screen with the passcode, among other information.

The exact length of time varies, taking about two hours in the observations of our source.

It can take up to three days or longer for six-digit passcodes, according to Grayshift documents,

and the time needed for longer passphrases is not mentioned.

Even disabled phones can be unlocked, according to Grayshift.

New GrayKey iPhone unlocker poses serious concerns
GrayKey iPhone passcode unlocker

After the device is unlocked, the full contents of the filesystem are downloaded to the GrayKey device.

From there, they can be accessed through a web-based interface on a connected computer

and downloaded for analysis.

The full, unencrypted contents of the keychain are also available for download.

New GrayKey iPhone unlocker poses serious concerns

The GrayKey device itself comes in two “flavors.” The first, a $15,000 option,

requires Internet connectivity to work.

However, there is also a $30,000 option. At this price, the device requires

no Internet connection whatsoever and has no limit to the number of unlocks.

It will work for as long as it works; presumably, until Apple fixes whatever

The offline model does require token-based two-factor authentication as a

replacement for geofencing for ensuring security. However, as people often

write passwords on stickies and put them on their monitors, it’s probably too

much to hope that the token will be kept in a separate location when the


For law enforcement, this is undoubtedly a boon. However, historically,

similar stories involving cracking the iPhone haven’t turned out so well.

Consider, for example, the case of the IP-Box, a similar device that was

once used to access the contents of iPhones running older versions of iOS.

The utility of the original IP-Box ended in iOS 8.2, which gave rise to the IP-Box 2.

Unfortunately, the IP-Box 2 became widely available and was almost exclusively

used illegitimately, rather than in law enforcement. Today, various IP-Boxes can

Anyone who wants such a device can get one.

New GrayKey iPhone unlocker poses serious concerns

What happens if the GrayKey becomes commonplace in law enforcement?

along with its token, if stored nearby. Once off-site, it would continue to work.

Such a device could fetch a high price on the black market, giving thieves

the ability to unlock and resell stolen phones, as well as access to the high-value data on those phones.


It’s unknown, but any of these are possibilities.

We also don’t know what kind of security is present on the networked GrayKey device.

Most people probably won’t get too excited about a criminal’s phone or data.

However, let’s keep in mind one of the fundamental principles of the

US judicial system: suspects are innocent until proven guilty.

Should suspects be susceptible to these kinds of searches by law enforcement?

Further, not all phones analyzed by law enforcement belong to suspects.

In one digital forensics lab in 2014, around one-third of the devices analyzed

possible the technician may prefer to use the GrayKey to analyze the device

regardless of the availability of the passcode, due to the copious amounts of data

it can generate from the device.

but a liability for the police.

New GrayKey iPhone unlocker poses serious concerns

Who should we trust?

Obviously, this can’t be true in all cases, people being people, but let’s start from that assumption.

Unfortunately, even if the agents themselves are completely trustworthy,

sources in law enforcement have said that the computer systems used by law

sensitive data, some of which will come from the phones of innocent

US citizens, too insecure systems?

or if it is also selling in other parts of the world. Regardless of that,

it’s highly likely that these devices will ultimately end up in the hands

of agents of an oppressive regime, whether directly from Grayshift or

indirectly through the black market.

It’s also entirely possible, based on the history of the IP-Box,

that Grayshift devices will end up being available to anyone who

wants them and can find a way to purchase them, perhaps by

then sold for a couple of hundred bucks on eBay.


An iPhone typically contains all manner of sensitive information:

account credentials, names, and phone numbers, email messages,

text messages, banking account information, even credit card numbers

or social security numbers. All of this information, even the most

seemingly innocuous, has value on the black market, and can be used

to steal your identity, access your online accounts, and steal your money.

The existence of the GrayKey isn’t hugely surprising, nor is it a sign that

the sky is falling.



130 total views, 2 views today