A company known as Grayshift based in Atlanta, Georgia, is selling a device called GrayKey which can be used to unlock iPhones — even the latest 8 series and the X model — a security company claims.
Malwarebytes said in a blog post that the GrayKey iPhone unlocker device was being marketed for in-house use at law enforcement offices or labs.
It said interest in breaking the iPhone's security had gone up after the 2016 case where the FBI took Apple to court over gaining access to an iPhone 5 used by a terrorist who was involved in an attack in San Bernardino, California, in December 2015.
As can be seen in the screenshot above, the GrayKey works on the latest hardware, and at least on iOS up to 11.2.5.
In that instance, the FBI finally dropped the case after it had gained access to the iPhone in question by utilising the services of a third party, said to be the Israel-based company Cellebrite.
{loadposition sam08}Malwarebytes said that GrayKey was a small box four inches by four inches by two inches with two lightning cables at the front. Each could be attached to an iPhone and after some time the passcode was displayed (graphic below) on the screen of the phone along with some other information.
It could take up to three days for a six-digit passcode to be cracked and even disabled phones could be unlocked, the blog post claimed.
Once the device was unlocked, the filesystem contents were downloaded to the GrayKey device from where they could be viewed through a Web interface on a connected computer.
Malwarebytes said there were two GrayKey devices being sold – one for US$15,000 which needed an Internet connection to work and could only be used on one network.
The second, costing US$30,000, needed no Internet connectivity and could be used to unlock an unlimited number of devices. "It will work for as long as it works; presumably, until Apple fixes whatever vulnerabilities the device relies on, at which time updated phones would no longer be unlockable," the post said.
Malwarebytes said the existence of the GrayKey was not surprising but it did indicate that the security of an iPhone could not guaranteed once it fell into the hands of a third party.
Screenshots: courtesy Malwarebytes