News and Happenings
Mysterious $15,000 'GrayKey' Promises To Unlock iPhone X
Submitted by emailgw, 17-03-2018, 07:36 AM, Thread ID: 80308
Thread Closed
17-03-2018, 07:36 AM
#1 https://www.forbes.com/sites/thomasbrews...01aad12950
Photos have surfaced of a mysterious 'GrayKey' device that can reveal your iPhone passcode to law enforcement agencies in just a few hours.
News of the device, which claims to be able to unlock pretty much any modern iPhone, first surfaced a couple weeks ago.Forbesreported that various police and forensics groups were offered access to the unlocking tool. For $15,000 the device permits 300 uses in an online mode requiring constant connectivity. For $30,000, the device works offline with unlimited uses. The GrayKey box is being sold byGreyshift, a company which appears to be run by an ex-Apple security engineer and long-time U.S. intelligence agency contractors.
Today, MalwareBytes posted the first photo of the device along with an explanation of how it's used. The device itself is about 4"x4"x2" with two Lightning cables sticking out of the front.
Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked. Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source. It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, according to Grayshift.
Once the device is unlocked, the full contents of its filesystem are downloaded to the GrayKey device. From there, they can be accessed via a web interface on a connected computer and downloaded for further analysis. The full unencrypted contents of the keychain can also be downloaded.
Since Grayshift is allowing agencies to purchase an offline model of the device, it's just a matter of time until it falls into the wrong hands, if it hasn't already. This is a major security concern for all iOS users as it renders most passcodes useless.
Photos have surfaced of a mysterious 'GrayKey' device that can reveal your iPhone passcode to law enforcement agencies in just a few hours.
News of the device, which claims to be able to unlock pretty much any modern iPhone, first surfaced a couple weeks ago.Forbesreported that various police and forensics groups were offered access to the unlocking tool. For $15,000 the device permits 300 uses in an online mode requiring constant connectivity. For $30,000, the device works offline with unlimited uses. The GrayKey box is being sold byGreyshift, a company which appears to be run by an ex-Apple security engineer and long-time U.S. intelligence agency contractors.
Today, MalwareBytes posted the first photo of the device along with an explanation of how it's used. The device itself is about 4"x4"x2" with two Lightning cables sticking out of the front.
Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked. Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source. It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, according to Grayshift.
Once the device is unlocked, the full contents of its filesystem are downloaded to the GrayKey device. From there, they can be accessed via a web interface on a connected computer and downloaded for further analysis. The full unencrypted contents of the keychain can also be downloaded.
Since Grayshift is allowing agencies to purchase an offline model of the device, it's just a matter of time until it falls into the wrong hands, if it hasn't already. This is a major security concern for all iOS users as it renders most passcodes useless.
RE: Mysterious $15,000 'GrayKey' Promises To Unlock iPhone X
17-03-2018, 06:20 PM
#2 I actually didn't hear about this until I saw the post. Kudos to Nulled and the OP.
Anyways, after reading the Forbes article, I don't think there can be a permanent solution.
As we know, iOS (and Android, FYI) can lock the possibility of accepting any more password attempts for a set amount of time. Apparently, Grayshift found a way to bypass this system through an exploit, then continuing with a bruteforce-method of cracking the iOS device passwords. This is all done through their little device called the "Grayshift".
So? Well, the bad part is that this is a private cyber-security company and not much is known about them. They do have extremely competent people in this field amongst their ranks and most of them have experience with finding zero-day exploits in Apple devices. This means that the exploit, if it is ever uncovered by Apple, may not take too long to finally be rethought of, recoded and newly launched onto the market with a Graykeyv2.They have been able, reportedly, to use this exploit on a brand new iPhone X which means big trouble for Apple.
Forbes also talked about the "San Bernardino" event which happened a couple of years ago, in which the FBI asked Apple to unlock a device, precisely Syed Rizwan Farook's iPhone, which was allegated to terrorist operations. Apple "vehemently protested" against this so the FBI decided to bring the device to a private company which allegedly unlocked it for about $1M. These exploits aren't new.
This June, Grayshift is supposed to hold a conference in Myrtle Beach, California. This company isn't a black-hat group which means they won't be using this to unlock your iPhone and steal all your data (which, by the way, is stored on the Graykey once it finishes doing its job), they're pushed more towards working with other organizations that study cyber-security and develop patches or report these vulnerabilities to the device's company. Oh, and by "working with", I mean they sell this product to them obviously.
Summarizing this papyrus, people who have nothing to hide shouldn't be worried about this device. Its moderately high-cost ($15k - $30k) means it won't be in the streets and the government uses it for criminal investigations. Remember, to actually unlock a device you need to have physical access to it for hours, days, maybe even weeks depending on the password complexity. Using strong passwords is always recommended and unless you're a terrorist (boo-hoo to you), you shouldn't be affected by it.
I mean, if you're in trouble with federal companies then boy start running 'cause this device will be up in your iPhone in no time. If they want access to your data, they can have it. It's wrong and all but it's a real possibility and, furthermore, it's a real thing. Hackers exist and they have pretty good ones. In other cases, congrats, you're in the majority of the world population and you'll never hear about this thing again. Hopefully.
Anyways, after reading the Forbes article, I don't think there can be a permanent solution.
As we know, iOS (and Android, FYI) can lock the possibility of accepting any more password attempts for a set amount of time. Apparently, Grayshift found a way to bypass this system through an exploit, then continuing with a bruteforce-method of cracking the iOS device passwords. This is all done through their little device called the "Grayshift".
So? Well, the bad part is that this is a private cyber-security company and not much is known about them. They do have extremely competent people in this field amongst their ranks and most of them have experience with finding zero-day exploits in Apple devices. This means that the exploit, if it is ever uncovered by Apple, may not take too long to finally be rethought of, recoded and newly launched onto the market with a Graykeyv2.They have been able, reportedly, to use this exploit on a brand new iPhone X which means big trouble for Apple.
Forbes also talked about the "San Bernardino" event which happened a couple of years ago, in which the FBI asked Apple to unlock a device, precisely Syed Rizwan Farook's iPhone, which was allegated to terrorist operations. Apple "vehemently protested" against this so the FBI decided to bring the device to a private company which allegedly unlocked it for about $1M. These exploits aren't new.
This June, Grayshift is supposed to hold a conference in Myrtle Beach, California. This company isn't a black-hat group which means they won't be using this to unlock your iPhone and steal all your data (which, by the way, is stored on the Graykey once it finishes doing its job), they're pushed more towards working with other organizations that study cyber-security and develop patches or report these vulnerabilities to the device's company. Oh, and by "working with", I mean they sell this product to them obviously.
Summarizing this papyrus, people who have nothing to hide shouldn't be worried about this device. Its moderately high-cost ($15k - $30k) means it won't be in the streets and the government uses it for criminal investigations. Remember, to actually unlock a device you need to have physical access to it for hours, days, maybe even weeks depending on the password complexity. Using strong passwords is always recommended and unless you're a terrorist (boo-hoo to you), you shouldn't be affected by it.
I mean, if you're in trouble with federal companies then boy start running 'cause this device will be up in your iPhone in no time. If they want access to your data, they can have it. It's wrong and all but it's a real possibility and, furthermore, it's a real thing. Hackers exist and they have pretty good ones. In other cases, congrats, you're in the majority of the world population and you'll never hear about this thing again. Hopefully.
Do you prefer to be Infamous or forgotten?
RE: Mysterious $15,000 'GrayKey' Promises To Unlock iPhone X
22-03-2018, 12:30 AM
#3 Shame it's literally one IOS update away from becoming a $15,000 paper weight.
RE: Mysterious $15,000 'GrayKey' Promises To Unlock iPhone X
25-03-2018, 09:15 AM
#4 25-03-2018, 07:09 AMCodegeekman Wrote: Good thing I have android, I love my google pixel.
Do you realize that Android is easier to crack than iPhone?
RE: Mysterious $15,000 'GrayKey' Promises To Unlock iPhone X
25-03-2018, 03:22 PM
#5 in germany they just finished the first court case that used evidence obtained from a cracked iphone by graykey.
Users browsing this thread: 1 Guest(s)