Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Grayshift becomes second service to promise forensic unlocks for Apple's iPhone 8 & X

Adding to the evidence that Apple's latest iPhones are no longer safe from hackers — legal or otherwise — a second company has come forward selling its ability to break in.

A startup called Grayshift is advertising a tool called "GrayKey," which costs $15,000 for an always-online version limited to 300 uses, Forbes said on Monday. An unlimited offline edition is priced at $30,000. Grayshift is said to be staffed by U.S. intelligence agency contractors and a former Apple security engineer.

GrayKey is marketed as being able to extract the full filesystem from a device, and brute-force passcodes, despite Apple's safeguards against that practice.

It may be relying on exploits thought to be used by Cellebrite, targeting the Secure Enclave found in every iPhone since the iPhone 5s. Normally it takes longer and longer between brute-force passcode attempts, ultimately up to an hour. With a six-digit passcode, it can take an inordinate amount of time to stumble across correct numbers.

Because GrayKey doesn't require sending devices into a lab, Apple should be able to obtain a copy and reverse-engineer it to discover how it works and fix relevant security holes.

GrayKey is meanwhile said to be cheaper per-device than Cellebrite's product, which is roughly $1,500 per iPhone. Assuming an organization expects to crack at least 300 iPhones, Grayshift's price works out to just $50 for each hack.

Although companies like Grayshift and Cellebrite may be used in legitimate efforts by law enforcement and spy agencies, critics have worried that those same agencies can potentially help governments — and corporations — abuse their reach.



23 Comments

lkrupp 10521 comments · 19 Years

So Android wins the security war after all, hand down. No mention of any other platforms they can hack so I guess it’s all over for iOS users, huh. Oh, Cellebrite admits they do need physical access so there’s that.

How long till my personal iPhone is hacked? Should I switch to Android now so I’m safe? I’m dead serious. We never hear a peep about Android security so I must assume it’s impregnable. No bragging from Cellebrite opr Grayshift about cracking Windows or Android so... won’t ISIS and Al Qaeda just switch to Android now? Wouldn’t Apple save a lot of money by just forgetting about security since there is none anymore?

fallenjt 4056 comments · 13 Years

lkrupp said:
So Android wins the security war after all, hand down. No mention of any other platforms they can hack so I guess it’s all over for iOS users, huh. Oh, Cellebrite admits they do need physical access so there’s that.

How long till my personal iPhone is hacked? Should I switch to Android now so I’m safe? I’m dead serious. We never hear a peep about Android security so I must assume it’s impregnable. No bragging from Cellebrite opr Grayshift about cracking Windows or Android so...

There is NO security for Android. Everyone can hack any android device. So, government doesn't need any help while iOS is good for money makers because Apple straight up refused to unlock it for the government.

toysandme 243 comments · 16 Years

lkrupp said:

How long till my personal iPhone is hacked? Should I switch to Android now so I’m safe? I’m dead serious. ...

FYI: Every cab driver and their mother can access Android phones. The OS is designed by Google, so what do you expect? The company that’s demonetized and destroyed thousands of YouTube and Gmail accounts over the past couple of months with no end in sight. Even Dr Jordan Peterson lost 100k+ emails for a while. Google’s name is now memed into Goulag. I avoid Google products like the plague. 

sflocal 6138 comments · 16 Years

Adding to the evidence that Apple's latest iPhones are no longer safe from hackers -- legal or otherwise -- a second company has come forward selling its ability to break in.

Okay AI, please provide an official statement from Apple that claimed iPhones were "safe" from hackers to begin with?