Last week, we commented here about an American company called Grayshift, which claims to be able to forcibly unlock recent iPhones, the same practice that brought Israel's Cellebrite into the limelight and brought it closer to the FBI and various intelligence agencies around the world.
Until now, however, we didn't know exactly which method Grayshift used to break into locked smartphones. We are still not 100% sure of the path the Americans take for such an inglorious task, but at least we have an idea, thanks to the photos and report published on the Malwarebytes blog.
This seemingly harmless little black box you see above, the infamous GrayKey, is the key to the whole process. The two Lightning cables on the front of the device allow two iPhones to be connected and unlocked at the same time, in a process that takes about two minutes. During that time, it is speculated that the box jailbreaks the device and installs malicious software on it; the iPhone is then disconnected from the cable, and the newly installed program does its job of discovering the passcode (this step can take from two hours to three or more days, depending on the complexity of the passcode).
Once the passcode is discovered, the iPhone can be connected to the device again so that it downloads all the data in the phone's internal memory. This data can be accessed from a computer connected to the box, and it even includes the system's stored keys (that is, your passwords). GrayKey works on all recent versions of iOS, up to 11.2.5.
So far, the story is obscure enough to raise eyebrows around the world, but this is the part of most concern: Grayshift does not use the device internally to unlock iPhones sent directly to the company; instead, it sells the boxes directly to interested parties (presumably governments and intelligence agencies, but who can guarantee that?).
There are two options. The cheaper one, mentioned in our original post, costs $15k and can unlock 300 iPhones. It also only works while connected to the internet and has a geographic lock: if it is connected anywhere other than the place where it was set up, it is automatically disabled, for (obvious) security reasons.
More problematic is the second option, which costs $30k. It has no unlock limit and requires neither internet access nor a geographic restriction; instead, the box is activated by a two-factor authentication system (which, while reasonably secure, can be hacked, like basically any digital security system). So, in addition to worrying about Grayshift's responsibility to deal only with "responsible" entities "in search of the greater good" (which, in itself, raises a rather complicated discussion), we also have to consider the possibility of the box falling into the wrong hands after purchase and being used by criminal organizations or the like.
Obviously, this is not a reason to run for the hills (in fact, this is a phrase that I always repeat in these articles). First, because GrayKey's availability on the "market" would almost certainly mean that Apple could get its hands on one of the boxes and, by reverse engineering it, plug the hole in iOS that allows it to work; from then on, all updated devices would be immune to it. It remains to be seen how long this would take and whether Apple could effectively protect all of its devices quickly, of course.
In the end, the simplest way to protect your iPhone and the data on it is this: always keep the device with you, keep it updated and protected by a complex, secure passcode, and don't use it irresponsibly (downloading suspicious files or visiting obscure websites). If you follow these steps, it is very unlikely that you will ever have to worry about intrusions and forced unlocking.