A secretive unlocking tool offered to cops and government agents has some computer security bods worried over its privacy implications.
Known as GrayKey, the box is reportedly being marketed as a way to unlock iPhones without needing the key code. The hardware is reportedly offered in two forms: an internet-connected model that costs $15,000 with a 300 use limit, and an offline model costing $30,000 with no unlock limit.
The GrayKey site itself is hidden behind a registration wall, and maker GrayShift simply says the product "is not for everybody". The biz did not respond to a request for comment.
Antivirus outfit MalwareBytes says it was able to get a closer look at the device and its underlying technology, and the company does not like what it sees. Researcher Thomas Reed said the device carries with it some "significant security risks".
According to Reed, who was able to get details on the product via an anonymous source, the GrayKey is actually a small box that contains a pair of Lightning cable connectors. An iPhone is plugged into the device and, after anywhere from two hours to three days (depending on the length of the access code), the phone is unlocked and its contents captured and uploaded by the device.
The MalwareBytes researcher suspects that, like the better-known Cellebrite unlocking tools, GrayKey uses one or more zero-day flaws in iOS to brute-force unlock the handsets.
From there, Reed says, law enforcement can use a browser to view the contents of the handset and its keychain.
The problem, says Reed, arises when the device, a 4x4x2-inch box, is stolen from police or otherwise put into the wrong hands. In particular, the more expensive "offline" model that runs with nothing more than a hardware token for authentication.
"Once off-site, it would continue to work," Reed explains.
"Such a device could fetch a high price on the black market, giving thieves the ability to unlock and resell stolen phones, as well as access to the high-value data on those phones."
Reed notes that other devices designed to unlock or flash iPhones, such as the IP-Box diagnostic tool, have indeed fallen into the hands of criminals and were used to get around the handset's security protections.
Even if the device isn't stolen, the unlocking procedure it uses could be exploited by bad actors after an iPhone is returned by police.
"What happens to the device once it is released back to its owner? Is it still jailbroken in a non-obvious way?," Reed asks.
"Is it open to remote access that would not normally be possible? Will it be damaged to the point that it really can’t be used as intended anymore, and will need to be replaced? It’s unknown, but any of these are possibilities." ®