“GrayKey” iPhone unlocking device revealed, could pose threat to privacy, security in the wrong hands

❝The GrayKey forensic tool has surfaced, albeit it could present privacy and security concerns if obtained and misused by criminals and thieves.

GrayKey offers a way for government agencies and members of law enforcement to gain access to an iPhone without sending it off for analysis by security analysts. The tool is marketed as being able to extract the full filesystem from an iPhone, and is able to perform brute-force passcode attacks against the device in a short period of time.

An anonymous source within MalwareBytes Labs released a picture of the device, which measures four inches square by two inches deep, with two Lightning cables on the front of the device allowing two iPhones to be connected at the same time.

The iPhones can be disconnected from the unit after about two minutes, but after disconnection, software will continue running on the iPhones to crack the security, later showing the passcode and other details on the iPhone’s screen. The source advised the time for this process can vary from two hours for shorter passcodes up to three days or longer for six-digit versions.

Following the unlock procedure, the iPhone can be reconnected to the GrayKey device to allow the full contents of the filesystem to be downloaded to a connected computer via a web-based interface. This includes the unencrypted contents of the iPhone’s onboard keychain.

The device apparently works with newer iPhones, including the iPhone X handset, and can work on devices running up to iOS 11.2.4.❞

Tags: iPhone + GrayKey + criminals + government + MalwareBytes Labs + unlock + privacy