Security researchers Malwarebytes drew attention to the GrayKey device, an iPhone unlocker by a company called Grayshift. While it can be purchased off of Grayshift’s website, through a form that checks for law enforcement affiliation, only those authorities will actually be able to purchase the iPhone cracking device.
“Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device but are not yet cracked. Sometime later, the phones will display a black screen with the passcode, among other information,” says Malwarebytes.
After unlocking the iPhone, the GrayKey then downloads the entire contents of the device and allows authorities to access them via a web-based interface. While companies like Cellebrite do offer iPhone cracking services to authorities as well, they usually require the iPhones to be sent to their facilities.
With the GrayKey, law enforcement can have their own in-house iPhone cracking devices. Apple, of course, has never offered something like this, but with so many iPhone cracking services popping up, it might not matter.
While Grayshift screens for law enforcement affiliation before selling the GrayKey, security researchers worry that it’s only a matter of time until GrayKeys fall into the wrong hands and become available on the blackmarket. Even worse, there’s no telling what security measures a GrayKey itself has, so the device could be hacked, leading to a chain of security vulnerabilities.
Only time will tell what the ramifications of this GrayKey will be.