Grayshift, the company that makes an iPhone hacking tool called GrayKey, is already being targeted by malicious entities.
Last week, unknown attackers leaked portions of GrayKey’s code online. The hackers also demanded that Grayshift pay them in Bitcoin (roughly $15,000) to stop publishing any additional code, Motherboard reported on Tuesday.
GrayKey is a newly revealed device that can unlock basically any Apple handset — up to the iPhone X — running the most recent versions of iOS. In some cases, the device can unlock an iPhone in as little as a few hours.
Various law enforcement agencies across the U.S. have either purchased the device or have expressed interest in acquiring it. That includes local, state and federal agencies — from the Miami-Dade County Police to the Maryland State Police to the U.S. State Department.
Luckily, the leaked code “doesn’t appear to be particularly sensitive,” as Motherboard points out. Instead, it looks to be the U.I. messages that are displayed to a GrayKey user. There isn’t currently a reason to believe that the hackers actually have access to more dangerous data.
But Grayshift did confirm to the publication that the extortioners were able to access the code through an inadvertent data leak. “Due (to) a network misconfiguration at a customer site, a GrayKey unit’s UI was exposed to the internet for a brief period of time earlier this month,” the security firm told Motherboard.
The specific GrayKey in question was being “validation tested” when the leak occurred. Grayshift added that “no sensitive IP or data” was exposed, and that the firm is taking steps to prevent further unauthorized access.
The extortion message addresses a Grayshift co-founder and “any other people interested in keeping GrayKey product secure and not available to the wide public.” The attackers describe themselves as a “business group” and claim to have obtained the “source code” for the GrayKey product.
In addition to the Bitcoin address for the extortion payment, there’s also a separate Bitcoin address for “bidders” who want GrayKey’s source code leaked to the public. As Motherboard reports, neither address has received any payments.
The publication also pointed out what appears to be an exposed GrayKey device broadcasting data to the internet. Motherboard found the alleged GrayKey via the IoT search engine Shodan.
iDrop News confirmed the device’s appearance on Shodan. As stated earlier, the leaked data apparently includes U.I. information guiding a GrayKey user through the process of unlocking an iPhone. It doesn’t seem to include any data or code that actually cracks encryption.
Wider issues of data privacy aside, the average iPhone user isn’t likely to be impacted by GrayKey devices in use by law enforcement agencies.
But this recent data leak and previous data breaches highlight the fact that the makers of these tools are targets for malicious actors. And, unfortunately for iPhone users across the globe, the hacking devices and systems they make can indeed fall into the wrong hands.