Security researchers Malwarebytes drew attention to the GrayKey device, an iPhone unlocker by a company called Grayshift. Its website is behind a form that checks for law enforcement affiliation and only allows the authorities to purchase this iPhone cracking device.
“Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device but are not yet cracked. Sometime later, the phones will display a black screen with the passcode, among other information,” says Malwarebytes.
After unlocking the iPhone, the GrayKey then downloads the entire contents of the device and allows authorities to access them via a web-based interface. While companies like Cellebrite do offer iPhone cracking services to the authorities, they usually require the iPhones to be sent to their facilities.
With the GrayKey, law enforcement can have their own iPhone cracking devices. Apple, of course, has never offered something like this, but with so many iPhone cracking services popping up, it might not matter.
As highlighted by the security researchers, it’s only a matter of time until GrayKeys falls into the wrong people’s hands and becomes available on the black market, since it can also work completely offline.
Even worse, there’s no telling what security measures a GrayKey itself has, so the device could be hacked and someone could get their hands on a suspect’s entire phone contents.
Not so good for those who did nothing wrong or handed their phone to the authorities to aid in an investigation.