Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
'GrayKey' iPhone Unlocking Box Used by Law Enforcement Shown Off in Photos
Last week, news of a previously-unknown iPhone unlocking device called GrayKey surfaced, and today, MalwareBytes shared photos and additional information about the product, which is designed for law enforcement officials.
Created by a company named Grayshift, GrayKey is a small, portable gray box equipped with dual Lightning cables.
Two iPhones can be connected to the GrayKey at once, and need to be connected for about two minutes to install proprietary software that's designed to guess the passcode for an iPhone. Once the software is installed, it will work to crack the passcode, a process that can take as little as a few hours for a short passcode or several days for a longer six-digit passcode.
Once the GrayKey software has cracked the passcode, it'll be displayed right on the screen of the iPhone. The iPhone can then be plugged back into the GrayKey to download all of the data on the iPhone, including the unencrypted contents of the Keychain, which can then be accessed using a computer.
Based on screenshots, the GrayKey can crack modern iPhones running modern versions of iOS. It works with the iPhone X and iOS 11.2.5, the version of iOS that was likely available when the screenshots were captured. It probably also works with iOS 11.2.6, unless Apple has managed to block it in the latest operating system update.
Grayshift presumably designed the GrayKey for law enforcement professionals, and it's relatively expensive. A $15,000 option requires internet connectivity and is geofenced to a specific location once set up, while a $30,000 option requires no internet connection and can be used anywhere.
MalwareBytes worries that the portable version of the GrayKey could easily fall into the wrong hands. It uses two-factor authentication, but given that people "often write passwords on stickies and put them on their monitors," it's possible the token could be kept in the same location as the device.
It's also unknown who Grayshift is selling the devices to. It's possible that sales are limited to law enforcement officials in the United States, but it's also possible that it's being offered abroad. Other devices of this type have slipped out of the hands of law enforcement and have become widely available, so the same could happen with the GrayKey.
Apple is continually working to fix the kinds of exploits used by devices like the GrayKey, so it's possible whatever mechanism the box uses will be fixed in a future update. The average iPhone owner likely doesn't need to worry about the GrayKey, but as MalwareBytes points out, it is troublesome knowing such a device could fall into the hands of malicious entities.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Created by a company named Grayshift, GrayKey is a small, portable gray box equipped with dual Lightning cables.
Two iPhones can be connected to the GrayKey at once, and need to be connected for about two minutes to install proprietary software that's designed to guess the passcode for an iPhone. Once the software is installed, it will work to crack the passcode, a process that can take as little as a few hours for a short passcode or several days for a longer six-digit passcode.
Once the GrayKey software has cracked the passcode, it'll be displayed right on the screen of the iPhone. The iPhone can then be plugged back into the GrayKey to download all of the data on the iPhone, including the unencrypted contents of the Keychain, which can then be accessed using a computer.
Based on screenshots, the GrayKey can crack modern iPhones running modern versions of iOS. It works with the iPhone X and iOS 11.2.5, the version of iOS that was likely available when the screenshots were captured. It probably also works with iOS 11.2.6, unless Apple has managed to block it in the latest operating system update.
Grayshift presumably designed the GrayKey for law enforcement professionals, and it's relatively expensive. A $15,000 option requires internet connectivity and is geofenced to a specific location once set up, while a $30,000 option requires no internet connection and can be used anywhere.
MalwareBytes worries that the portable version of the GrayKey could easily fall into the wrong hands. It uses two-factor authentication, but given that people "often write passwords on stickies and put them on their monitors," it's possible the token could be kept in the same location as the device.
What happens if the GrayKey becomes commonplace in law enforcement? The cheaper model isn't much of a danger if stolen--unless it's stolen prior to setup--but at 4″x 4″x 2″, the unlimited model could be pocketed fairly easily, along with its token, if stored nearby. Once off-site, it would continue to work. Such a device could fetch a high price on the black market, giving thieves the ability to unlock and resell stolen phones, as well as access to the high-value data on those phones.How the GrayKey works is not known, but it's believed to be using some sort of jailbreaking process that could damage iPhones in some way. It's also not known how the GrayKey device itself is protecting data that's stored on it, and whether or not the data could be remotely accessed by hackers.
It's also unknown who Grayshift is selling the devices to. It's possible that sales are limited to law enforcement officials in the United States, but it's also possible that it's being offered abroad. Other devices of this type have slipped out of the hands of law enforcement and have become widely available, so the same could happen with the GrayKey.
Apple is continually working to fix the kinds of exploits used by devices like the GrayKey, so it's possible whatever mechanism the box uses will be fixed in a future update. The average iPhone owner likely doesn't need to worry about the GrayKey, but as MalwareBytes points out, it is troublesome knowing such a device could fall into the hands of malicious entities.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
[ 330 comments ]
Top Rated Comments
(View all)
19 months ago
The average iPhone owner likely doesn't need to worry about the GrayKey
Ah, yes, the "something to hide" fallacy.
Apple, please do what you can to protect us from this.
19 months ago
Steve would’ve approved of the design.
Does it just come in space grey?
Or gold / silver too?
Does it just come in space grey?
Or gold / silver too?
19 months ago
$30.000 is peanuts for Apple, they just buy one and before you know it iOS is patched, if not already.
19 months ago
This is why you don't use 6-digit passcodes but instead a complex alphanumeric one.
19 months ago
$30.000 is peanuts for Apple, they just buy one and before you know it iOS is patched, if not already.
Apple: "Hi yes I need to order two GrayKey's."
GrayKey: "Okay and where are we shipping these?"
Apple: "Cuperti--"
GrayKey: "Click."
19 months ago
As if Apple would try to acquire one that way. ;) They don't even usually buy real estate for Apple Stores directly.
Don't ruin my joke, damn you! :)
19 months ago
The vast majority of people really don't have anything to worry about... for 2 reasons (1) The chances of your phone getting picked up by law enforcement is slim.
I disagree with your logic. Misuse of such technology affects everyone. For just one example, let's say the government is doing something evil (unthinkable, I know) and they use this tech to find/silence/discredit a whistleblower. That hurts everyone.
19 months ago
Apple: "Hi yes I need to order two GrayKey's."
GrayKey: "Okay and where are we shipping these?"
Apple: "Cuperti--"
GrayKey: "Click."
As if Apple would try to acquire one that way. ;) They don't even usually buy real estate for Apple Stores directly.
[ Read All Comments ]
Netflix is testing a human curated discovery feature on iOS called "Collections" that surfaces TV shows and movies the user might be interested to watch (via TechCrunch).
Collections in...
Following a couple of weeks of trickling out early invitations, Apple this week launched Apple Card for all U.S. customers, offering broad access to the new digital and physical credit card issued in...
For this week's giveaway, we've teamed up with Vessel to offer MacRumors readers a chance to win a Signature 2.0 Backpack.
Vessel makes all kinds of backpacks, briefcases, and bags, but...
Discounts on the latest iMacs remain ongoing this month, with Amazon and B&H Photo now offering a new all-time-low price on the 27-inch Retina iMac with 8GB RAM and a 1TB Fusion Drive. This model...
Google and Apple calendars are not playing friendly right now.
As alerted to us by multiple MacRumors readers, there appears to be a syncing issue with Google Calendar and Apple's...
Apple Music today launched a new curated playlist called "New Music Daily," which as the name suggests, is updated every day with fresh songs.
Made up of "new music you simply...
Taylor Swift revealed today on Instagram that she will be the next partner in Apple's "Music Lab" sessions, which are available in Apple retail stores.
The Music Lab session will...
Satechi today announced the Type-C Dual Multimedia Adapter, which plugs into two of the MacBook Pro's USB-C ports to offer a handful of add-on ports.
In total, this includes: one 4K HDMI...
