GrayKey iPhone unlocking box used by law enforcement
The small, portable GrayKey box, costing $15,000 for an internet-connected version tied to a specific location or $30,000 for an offline version usable anywhere, takes two minutes to install proprietary software designed to guess an iPhone's passcode. Intended for use by law enforcement officials, the box can take from a few hours to crack a short passcode to several days for a longer one. Once cracked, the passcode is displayed on the iPhone's screen; then the iPhone can be reconnected to the GrayKey, which will download all of the data on the phone including the unencrypted contents of the Keychain. The data can then be accessed using a computer. It works with the iPhone X and iOS 11.2.5, and is thought to work with the latest version, iOS 11.2.6.
Among the risks of this device: although it uses two-factor authentication it could fall into the wrong hands, especially the unlimited version. It's not known how or whether the device itself protects the data it stores and whether it could be remotely accessed. How it works us unknown, but if, as is likely, it uses a jailbreaking process it could potentially damage the iPhones it's used with and leave them open to remote access. Also unknown: who GrayKey's customers are. Apple has in general fought to block such operations, so the device may be disabled in future releases.
Writer: Juli Clover, Thomas Reed
Publication: MacRumors, MalwareBytes