The Magic Box that Unlock of iPhone x and All Other iPhones: GrayKey

The box created by GrayShift is the one that leads this article. It is a square of about 10 centimeters on each side and another 5 centimeters in height. Two lightning cables protrude from it and serve to connect two different devices for about two minutes.

According to Forbes, the GrayKey iPhone unlocker device is marketed for in-house use at law enforcement offices or labs. This is drastically different from Cellebrite’s overall business model, in that it puts complete control of the process in the hands of law enforcement. Thanks to an anonymous source, we now know what this mysterious device looks like, and how it works. And while the technology is a good thing for law enforcement, it presents some significant security risks.

After this time, MalwareBytes ensures that the phone is not unlocked yet. During the time they are connected, software is installed on the device that tries to find out the unlock PIN code. The process can take a few hours or several days depending on the difficulty of the PIN: if there are 4 figures, it will be less time; if it is an alphanumeric code, it will take several days.

What seems to be no doubt is that this box is capable of carrying out its mission if given enough time. Once elapsed, the entire content of the device is transferred to the GrayShift box. From there, you can access the content through a website where you can also download all the content. Including encrypted passwords in the Keychain (the publication does not specify if it is the iCloud Keychain, but it could be).

In the image above you can see how the system works with an iPhone X with iOS 11.2.5, which was probably the most current version at the time the screenshots were taken.

The upper image shows the screen that appears when the process is finished. The iPhone itself shows its unlock code and the time it took to find it, in this case 30 seconds for a 6-digit PIN.

GrayKey is a danger that Apple must solve as soon as possible

The device created by GrayShift is not a joke, it is a very serious threat to the security of all iOS users. Rumors suggest that iOS 11.3 solves the exploits used by this system, but that would expose all users of previous versions of iOS.

As we saw at the time, GrayShift commercializes two types of services:

• One that costs $ 15,000 and can be used in 300 devices through an annual license. Now we know that this modality is restricted to a single location, such as a police station.

• Another that costs $ 30,000 and that has no restrictions of use of any kind.

Given the dimensions of this box, it is a very simple device to hide, keep in your pocket and go out with it without anyone noticing. In the black market you can reach a very high price, which makes it a very tempting business for anyone, even the police itself.

It is not clear if GrayShift markets its services and devices only in the US, but it would not be strange if some of them ended up in the hands of authoritarian countries with the intention of monitoring and spying on annoying citizens. GrayKey still requires physical access to the device. However, if the unlocking process was fast enough, it could go unnoticed by the victim: you take your iPhone, connect it to the box, unlock it and put it back in its place.

If it is confirmed that iOS 11.3 fixes these security flaws, Apple should push the update to all possible devices in the shortest amount of time. Only then can you disable this threat to users.!