There’s apparently a device that can unlock basically any iPhone. And today, we’re getting our first glimpse at it.
Last week, news surfaced of a tool called GrayKey that can allegedly crack any encrypted iPhone running iOS 10 or iOS 11. GrayKey is apparently being marketed to law enforcement organizations by its creator, startup firm Grayshift.
Grayshift claims that its device can bypass any iPhone’s security as long as it can connect to the internet. The rate promises to unlock iPhones for about $50 a piece — although if a law enforcement entity wants to fork over $30,000, Grayshift promises an unlimited number of “offline” iPhone cracks.
Before today, we had no idea what GrayKey looked like or how it functioned. But now, security researchers at Malwarebytes Labs have published the first photos depicting the device. The firm apparently received the pictures from an anonymous source.
At first glance, GrayKey is fairly unassuming. It looks like a small, portable box with two Lightning connectors protruding out of it.
Two iPhones can be connected to the device at once, Malwarebytes wrote in a blog post. Once plugged in, GrayKey installs proprietor software that guesses an iPhone’s passcode. For a short, four-digit passcode, the box takes as little as a couple hours to unlock it. For longer, six-digit passcode, the process can take several days.
Once it guesses the passcode, it’s displayed directly on the iPhone’s display. Once unlocked, GrayKey can access all of the device’s unencrypted data — which can be then be downloaded to a computer.
It’s still unclear how exactly GrayKey guesses a password, but Malwarebytes Labs theorizes that some sort of jailbreaking is involved.
The device can apparently unlock most Lightning-equipped iPhone devices running newer versions of iOS. Based on the pictures obtained by the security firm, the device is confirmed to be able to unlock an iPhone X running iOS 11.2.5.
While GrayKey is likely to be a boon for law enforcement officials who want to unlock a criminal’s device, it obviously represents a security concern for other iOS users.
Malwarebytes is concerned about the potential for the device to fall into the wrong hands. While it uses security mechanisms to mitigate the risks, wider availability and human error could obviously cause the GrayKey to become a tool for criminal entities.
There’s also the issue of the possible jailbreaking. Once a law enforcement agency is done with the particular iPhone, it could be permanently damaged. Similarly, the jailbreaking process could alter it in a way that prevents it from being repaired by Apple.
It’s also not known who Grayshift is selling the device to. It could be marketing GrayKey to law enforcement and intelligence organizations domestically, but it could also offer the device to foreign governments and police agencies abroad.
Apple works regularly to patch security holes such as these, so it’s likely that the company will attempt to address the flaw in upcoming software updates. But since the exact unlocking method is unknown, that could prove to be difficult.
Of course, the average iPhone owner shouldn’t be too concerned about being directly affected by GrayKey. But the existence of such a device — and the possibility that it could end up in the hands of malicious entities — is still troubling.