The GrayKey forensic tool has surfaced, and it could present privacy and security concerns if obtained and misused by criminals and thieves.
GrayKey offers a way for government agencies and members of law enforcement to gain access to an iPhone without sending it off for analysis by security analysts. The tool is marketed as being able to extract the full filesystem from an iPhone, and is able to perform brute-force passcode attacks against the device in a short period of time.
An anonymous source within Malwarebytes Labs released a picture of the device, which measures four inches square by two inches deep, with two Lightning cables on the front of the device allowing two iPhones to be connected at the same time.
The iPhones can be disconnected from the unit after about two minutes, but after disconnection, software will continue running on the iPhones to crack the security, later showing the passcode and other details on the iPhone’s screen. The source advised that the time for this process can vary from two hours for shorter passcodes up to three days or longer for six-digit versions.
Following the unlock procedure, the iPhone can be reconnected to the GrayKey device to allow the full contents of the filesystem to be downloaded to a connected computer via a web-based interface. This includes the unencrypted contents of the iPhone’s onboard keychain.
The device apparently works with newer iPhones, including the iPhone X handset, and can work on devices running up to iOS 11.2.4.
Two versions of the GrayKey are offered, starting from $15,000 for a model that is strictly geofenced, requires Internet connectivity to function, and has a limit on the number of unlocks it can perform. The $30,000 version has no unlock limit and doesn’t require an Internet connection to function, though it does use token-based two-factor authentication instead of geofencing for security, meaning it can be taken to different locations and used practically anywhere.
Malwarebytes has noted that given people’s fondness for convenience, it seems likely that the token could be placed near the GrayKey device. With the token nearby, it’s thought that the device could be stolen and used by criminals, especially given its small pocketable size and ability to continue working offline. The hardware could become a valuable commodity on the black market, allowing stolen iPhones to be unlocked for resale and allowing for access to valuable personal data.
The report also raises the possibility that the GrayKey could be using some sort of jailbreak to gain access, and questions whether the iPhone remains jailbroken when it is returned to its owner, which would add the possibility of remote access to it by others.
The security of the network-limited version of the GrayKey is also unknown. Also unknown is whether the GrayKey can be remotely accessed, if the data can be intercepted in transit, and even if the phone data is stored securely once acquired.
It’s also been suggested that the GrayKey could be reverse engineered, reproduced, and sold at a cheaper price by criminals wanting to create their own units.
Stay tuned for additional details as they become available.
Via AppleInsider and Malwarebytes Labs