The dubious GrayKey box that lets authorities unlock your iPhone and download your data may have been hacked
Update: Despite being touted as the ultimate PIN-cracking tool, it appears Grayshift’s dubious GrayKey device has its own vulnerabilities.
Reports suggest hackers obtained a “small chunk” of the GrayKey device’s code following a data breach earlier this month, which has since been confirmed in a statement to Motherboard. GrayShift said the breach occurred due to a “network misconfiguration at a customer site.”
The company did add, however, that no other data was accessed and it has since said the problem has been fixed to prevent any further unauthorised access.
Original story continues below
Nowadays, twenty grand will get you, what, a couple of months rent in in a Zone 6 London studio? Two thirds of an undergraduate degree? Oh, and now GrayKey, a four-by-four inch box which promises to unlock iPhones running iOS 10 and iOS 11.
Grayshift, the startup behind the eponymous box, is providing the unlocking tool to police forces, despite snowballing protests from privacy advocates. There’s reportedly an ex-Apple security engineer at the helm, although how he’s sidestepped reportedly stringent non-disclosure agreements (not to mention intellectual property law) has raised questions.
The $30,000 (£21,000) box works offline and comes with full, unlimited unlocking capacity. Alternatively, if your local police force is a bit hard up, there is a ‘budget’ option. For a bargain $15,000 (£10,500) they can get a GrayKey with less functionality, requiring internet connectivity to work, and only permitting 300 uses.
Its full-price bigger brother, meanwhile, retails at a cool $30,000 (£21,000), but it works offline, and its unlocking capacity is limitless.
The exact details of how it unlocks a device has not been revealed, but Grayshift claims to take anywhere between two hours to three days to glean your phone’s passcode, depending on its length. Those among us who’ve relied on the trusty 1-2-3-4 might want to start reconsidering. Once GrayKey has worked its dubious magic, the passcode will appear on a black screen, and, once unlocked, the iPhone’s data will download onto the device. Chilling.
At the moment, GrayKey only been co-opted by US police forces, with the Maryland and Indiana State Police forces respectively having purchased a box.
The Miami-Dade County Police look set to be next as it’s currently in talks to buy the controversial tool. Meanwhile, interest has been sparked from the Secret Service, the State Department, and the Drug Enforcement Agency.
We predict it won’t be long until it graces the transatlantic shores of the UK, but for now we’ll make do with @shottatextsldn, the Instagram account devoted to awkward texts administered to and by the capital’s drug dealers. Read it and weep (laughing).