Adding to the evidence that Apple's latest iPhones are no longer safe from hackers — legal or otherwise — a second company has come forward selling its ability to break in.
A startup called Grayshift is advertising a tool called "GrayKey," which costs $15,000 for an always-online version limited to 300 uses, Forbes said on Monday. An unlimited offline edition is priced at $30,000. Grayshift is said to be staffed by U.S. intelligence agency contractors and a former Apple security engineer.
GrayKey is marketed as being able to extract the full filesystem from a device, and brute-force passcodes, despite Apple's safeguards against that practice.
The tool may be relying on exploits thought to be used by Cellebrite, targeting the Secure Enclave found in every iPhone since the iPhone 5s. Normally the delay between passcode attempts grows longer and longer, ultimately up to an hour, so with a six-digit passcode it can take an inordinate amount of time to stumble across the correct numbers.
Because GrayKey doesn't require sending devices into a lab, Apple should be able to obtain a copy and reverse-engineer it to discover how it works and fix relevant security holes.
GrayKey is meanwhile said to be cheaper per-device than Cellebrite's product, which is roughly $1,500 per iPhone. Assuming an organization expects to crack at least 300 iPhones, Grayshift's price works out to just $50 for each hack.
Although tools from companies like Grayshift and Cellebrite may be used in legitimate efforts by law enforcement and spy agencies, critics have worried that those same agencies can potentially help governments — and corporations — abuse their reach.
23 Comments
So Android wins the security war after all, hands down. No mention of any other platforms they can hack so I guess it’s all over for iOS users, huh. Oh, Cellebrite admits they do need physical access so there’s that.
How long till my personal iPhone is hacked? Should I switch to Android now so I’m safe? I’m dead serious. We never hear a peep about Android security so I must assume it’s impregnable. No bragging from Cellebrite or Grayshift about cracking Windows or Android so... won’t ISIS and Al Qaeda just switch to Android now? Wouldn’t Apple save a lot of money by just forgetting about security since there is none anymore?