GrayKey is a $15,000 Device that Helps Law Enforcement Agencies Unlock iPhones
Strong encryption access to the public has been debated for quite some time. The Apple and the U.S Federal Bureau of Investigation fought tooth and nail. In fact, one of the federal judges asked Apple to help FBI unlock an iPhone that belonged to the shooter. The judge further added that Apple could overhaul the system such that the feature that locks the iPhone after ten unsuccessful attempts is disabled. At a much later date, the case was dropped since the Department of Justice announced that they had accessed the device.
Amidst all of this, one could clearly hear the name Cellebrite ricochet. Cellebrite is allegedly an Israeli company that provides iPhone unlocking services to law enforcement authorities. Apparently, the company apparently charged $5000 per device and the process begun once the iPhone reached the Cellebrite facility.
In all likelihood, Thomas from MalwareBytes believes that Cellebrite knows of iOS vulnerabilities or perhaps a bunch of them. It is speculated to be using the same in breaking into the iPhones and retrieving the user data. However, in recent days a new iPhone unlocker device called GrayKey has been making rounds. This box/device would help the regulatory authorities to unlock the devices at the comfort of their facilities without the need to send the device anywhere.
The GrayKey is a small box that is four inches and comes with two lightning cables. Two iPhones can be connected simultaneously. This is how it works, the iPhones need to be connected for two minutes and then they are disconnected. Once this is done, the phone display will beam a black screen along with the password. Breaking into the device may take anywhere from less than a minute to three days. According to Grayshift, even phones that are disabled can be unlocked with this method.
Once the device is unlocked, the filesystem is downloaded into the GrayKey device and can be accessed via a web-based computer interface. The entire content that was encrypted earlier will be visible and also available for download. The GrayKey apparently sells two variants, one costs $15,000, requires internet connectivity and is geofenced. What this means is that once set up it cannot be used on any other networks. The other one, however, is an offline variant that has no limit on the number of unlocks. That being said, it will work as long as Apple finds and fixes the vulnerability.
The GrayKey is nothing short of a double-edged sword. While it may help the authorities to break into iPhones of criminals, the implications are far wide fetched than that. Anyone in possession of the GreyKey will be able to unlock and access the encrypted data of any iPhone, this in itself will put a large number of iPhone users in peril. Perhaps it will also help in carrying out state-sponsored cyber attacks. If the GrayKey becomes available in the grey market it will help dubious elements jailbreak iPhones. Thieves can simply unlock the stolen phones and resell the same. It is quite likely that the data will be sold too. In the near future, this device might very well hang like a sword of Damocles on the Police and the authorities head.