Recently, foreign media published graykey, a tool for law enforcement to crack iPhone passwords, which is very simple in appearance and operation. It can crack an iPhone soon. What's the specific situation? Let's learn about it with Xiaobian.
What happened to the iPhone being cracked
Last week, news surfaced about an iPhone unlocking device previously unknown as graykey. Today, Malwarebytes shared photos and additional information about the product, designed for law enforcement.
Created by grayshift, graykey is a small, portable gray box with dual lightning cables.
Both iPhones can connect to the graykey immediately, and it takes about two minutes to install special software designed to guess the iPhone password. Once the software is installed, it can crack the password. In this process, you can get a short password in a few hours and a longer password in a few days.
Once the graykey software breaks the password, it will be displayed directly on the iPhone screen. You can then plug the iPhone back into the graykey to download all the data on the iPhone, including the unencrypted content of the keychain, which can then be accessed using a computer.
According to the screenshot, graykey can crack the iPhone running the current IOS version. It works with iPhone X and IOS 11.2.5. It may also work with IOS 11.2.6, unless Apple tries to block it in the latest OS update.
Grayshift probably designed graykey for law enforcement professionals, and it's relatively expensive. The $15000 version requires an Internet connection and once established is placed in a specific location, while the $30000 version does not require an Internet connection and can be used anywhere.
Malwarebytes worries that the portable version of graykey could easily fall into the wrong hands. It uses two factor authentication, but given that people 'often write passwords on notes and put them on the monitor', the passwords may stay in the same location as the device.
The working principle of graykey is not clear, but it is believed to use some kind of jailbreak program, which may damage the iPhone to some extent. It is not known how the graykey device itself protects the data stored on it, and whether the data can be accessed remotely by hackers.
Whether grayshift is selling these devices is unclear. Sales may be limited to U.S. law enforcement officials, but it may also be available abroad. Other types of equipment have been taken out of the hands of law enforcement agencies and are widely used, so the same can happen to graykey.
Apple has been trying to fix various vulnerabilities used by devices like graykey, so no matter which mechanism is used, it can be fixed in future updates. Ordinary iPhone users may not need to worry about graykey, but as Malwarebytes points out, it's hard to know that such a device might fall into the hands of a malicious entity.