Maker of 'GrayKey' iPhone Unlocking Box Suffers 'Brief' Data Breach, Receives Money Demands

Grayshift, the company that makes the GrayKey iPhone unlocking boxes that have been sold to multiple law enforcement agencies across the United States, recently suffered a data breach that allowed hackers to access a small portion of the GrayKey code, reports VICE's Motherboard.

graykey1


Last week, unknown hackers leaked portions of the GrayKey code and demanded two bitcoin from Grayshift with the threat of additional data being leaked. According to Motherboard, the code in question "does not appear to be particularly sensitive," but Grayshift did confirm that a "brief" data leak had occurred.

Indeed, Grayshift told Motherboard in a statement "Due [to] a network misconfiguration at a customer site, a GrayKey unit's UI was exposed to the internet for a brief period of time earlier this month."

"During this time, someone accessed the HTML/Javascript that makes up our UI. No sensitive IP or data was exposed, as the GrayKey was being validation tested at the time. We have since implemented changes to help our customers prevent unauthorized access," the statement added.

Grayshift says that no sensitive IP or data was exposed, and Motherboard confirms that the leaked code appears to be related to the user interface that displays messages on the GrayKey, but it's clear that Grayshift security is not airtight, raising questions about what kind of data might be accessible to hackers.

The GrayKey is a small, portable gray box equipped with dual Lightning cables. An iPhone is plugged into one of the cables to install proprietary software that's able to guess the passcode to an iPhone in as little as a few hours to a few days, based on the strength of the passcode.

GrayKey, which is priced starting at $15,000, can crack the latest iPhones running modern versions of iOS, including iOS 11. While the box is designed to provide law enforcement officials with easy access to locked iPhones for criminal investigations, there have been fears that the GrayKey technology could fall into the wrong hands.

The box has been sold to multiple law enforcement agencies across the country, and the data breach that Grayshift suffered, however inconsequential, is not at all reassuring for those who are worried about the security of the GrayKey boxes. The underlying functionality that allows the GrayKey to crack iPhones could be discovered and replicated, and the GrayKey boxes themselves are said to download data from cracked iPhones, which could also be at risk in a data breach.

According to Motherboard, Grayshift has not paid the extortionists their two bitcoin fee, as the Bitcoin addresses provided have received no funds. An additional Bitcoin address promising to provide interested parties with GrayKey information has also not received funds.

Grayshift says that "changes" have been made to help customers prevent unauthorized access to GrayKey boxes in the future, but Motherboard discovered another exposed GrayKey device broadcasting similar code.

Using the computer search engine Shodan, Motherboard found a seemingly exposed GrayKey device, broadcasting similar chunks of code to the open internet.

"To brute force a complex alphanumeric passcode, upload a custom password dictionary. If a dictionary is not uploaded, GrayKey will not attempt to brute force custom alphanumeric passcodes," one section of the apparent device's code reads.

The technology used for the GrayKey will likely be outdated at some point through updates to the iOS operating system, but as far as we know now, it's still functional for even the latest versions of iOS and the newest iOS devices, including the iPhone X.

Those worried about GrayKey and similar technologies can implement stronger and more secure passcodes and passwords that are more difficult to guess through brute forcing to prevent these kinds of tools from working. A 6-digit numeric passcode, Apple's default, can be guessed in as little as 11 hours, but an 8-digit numeric code can take over a month, while a 10-digit numeric code can take years.

Security experts recommend alphanumeric passcodes that are at least seven characters long with numbers, upper and lowercase letters, and symbols included. The longer the password, the more secure it is from GrayKey-style guessing methods. For more information on Grayshift's data breach, check out Motherboard's full report.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

rictus007 Avatar
36 months ago
That’s exactly why the iPhone, et al... should not have a back door
Score: 78 Votes (Like | Disagree)
tooloud10 Avatar
36 months ago
This is far beyond irony or karma, this is exactly what we've been screaming the warnings about for years now about why backdoors are an incredibly bad idea.
Score: 47 Votes (Like | Disagree)
lkrupp Avatar
36 months ago
Oh, and this technology will be exclusive to law enforcement and will never get in the hands of bad actors. Right.
Score: 40 Votes (Like | Disagree)
Quu Avatar
36 months ago
This is exactly why Tim Cook said you shouldn't build back-doors into products. Hackers will get at those back-doors one way or another.
Score: 40 Votes (Like | Disagree)
HiRez Avatar
36 months ago
Sure, let's build a "secure" government back door into all customer data and communications, what could go wrong?
Score: 34 Votes (Like | Disagree)
charlesdayton Avatar
36 months ago
I just want Apple to fix this bug so the stupid boxes become expensive paperweights.

Users have a right to privacy.
Score: 27 Votes (Like | Disagree)

Top Stories

magsafecasedangle

Apple Elaborates on Potential for iPhone 12 and MagSafe Accessories to Interfere With Implantable Medical Devices

Saturday January 23, 2021 2:42 pm PST by
Since the launch of iPhone 12 models in October, Apple has acknowledged that the devices may cause electromagnetic interference with medical devices like pacemakers and defibrillators, but the company has now shared additional information. Apple added the following paragraph to a related support document today:Medical devices such as implanted pacemakers and defibrillators might contain...
Top Stories 44 Feature

Top Stories: 'Thinner and Lighter' MacBook Air, Smaller iPhone 13 Notch, iOS 14.4 Incoming

Saturday January 23, 2021 6:00 am PST by
We continued to hear a lot more about Apple's plans for its Mac lineup this week, including word of a high-end redesigned MacBook Air and the return of an SD card slot as part of the upcoming MacBook Pro redesign. It also sounds like Apple has been working on Face ID for Mac, but it won't be appearing in a redesigned iMac this year as originally planned. This week also saw rumors about the...
bloodoxygenapplewatch

Apple Watch Series 7 Rumored to Feature Blood Glucose Monitoring

Monday January 25, 2021 5:05 am PST by
The Apple Watch Series 7 will reportedly feature blood glucose monitoring via an optical sensor, according to ETNews. The report, which mainly focuses on the blood glucose capabilities of the Samsung Galaxy Watch 4, explains that Apple is intending to bring blood glucose monitoring to the upcoming Apple Watch Series 7 using a non-invasive optical sensor. Measuring blood glucose levels,...
maxresdefault

Microsoft Touts Surface Pro 7 as 'The Better Choice' Over MacBook Pro in New Ad

Saturday January 23, 2021 11:02 am PST by
Microsoft yesterday shared a new ad on YouTube titled "Microsoft Surface Pro 7: The Better Choice," in which the company compares its tablet computer to Apple's 13-inch M1 MacBook Pro, as spotted by MSPoweruser. The ad highlights the Surface Pro 7's touchscreen and included stylus as opposed to only a "little bar" (the Touch Bar) on the MacBook Pro. Other advantages of the Surface Pro 7...
airpods galaxy buds comparison

Samsung Galaxy Buds Pro vs. Apple AirPods Pro

Friday January 22, 2021 2:34 pm PST by
Samsung in January unveiled new flagship Galaxy S21 smartphones and alongside the new phones, introduced the $200 Galaxy Buds Pro, which are priced at $199 and offer Active Noise Cancellation. Subscribe to the MacRumors YouTube channel for more videos. These new Galaxy Buds Pro are clearly designed to compete with Apple's AirPods Pro, so we thought we'd compare the two sets of earbuds in our...
2021 mbp sd slot feature2

Bloomberg: Next MacBook Pro to Feature SD Card Reader

Friday January 22, 2021 7:50 am PST by
Last week, reputable analyst Ming-Chi Kuo outlined his expectations for new 14-inch and 16-inch MacBook Pro models later this year, including the return of the MagSafe charging connector, the removal of the Touch Bar, a new flat-edged design, and the return of more ports built into the notebooks for expanded connectivity. A concept of a modern MacBook Pro with an SD card reader Kuo did not...
time to walk apple watch

Apple Fitness+ Feature 'Time to Walk' Launching Soon With Audio Stories From Special Guests

Saturday January 23, 2021 7:13 pm PST by
Earlier this week, Apple seeded the watchOS 7.3 Release Candidate, which is typically the final beta version of a software update. The release notes for the update list a new "Time to Walk" feature for Apple Fitness+ subscribers, described as "an audio experience in the Workout app where guests share inspiring stories as you walk." Apple Fitness+ subscribers will be able to open the Workout...
Flat MacBook Air Feature

Bloomberg: Apple Working on 'Thinner and Lighter' High-End MacBook Air With MagSafe, Could Launch in Second Half of 2021

Friday January 22, 2021 3:34 am PST by
Apple is working on a "thinner and lighter" version of the MacBook Air that the company plans to release during the second half of this year at the earliest or in 2022, according to a new report by well-connected Bloomberg journalist Mark Gurman. It will include Apple's MagSafe charging technology and a next-generation version of the company's in-house Mac processors. Apple has discussed...
q4 2020 mac growth feature

Mac Sales Skyrocketing After M1 Launch

Tuesday January 19, 2021 3:00 am PST by
Apple's worldwide Mac shipments grew massively in the fourth quarter of 2020 after the launch of three new Macs with the M1 chip, according to new PC shipping estimates shared by Gartner. Apple shipped an estimated 6.9 million Macs, up from the 5.25 million it shipped at the same time in 2019, marking significant growth of 31.3 percent. In spite of the growth of Mac sales, Apple remained...
apple time to walk apple watch airpods 01252021 inline

Apple's New 'Time to Walk' Feature Launches Today for Fitness+ Subscribers

Monday January 25, 2021 6:30 am PST by
Apple today officially introduced Time to Walk, a new feature for Apple Fitness+ subscribers with audio stories from influential people that Apple Watch users can listen to with AirPods or other wireless headphones while walking. Time to Walk episodes will be automatically downloaded to the Apple Watch with a Fitness+ subscription, and users can start an episode directly from the Workout...