
iPhone unlocking firm Grayshift faces extortion demands after data breach

GrayKey device. | Source: MalwareBytes

Grayshift, the firm responsible for the GrayKey iPhone hacking tool, is in the crosshairs of an extortionist after its product's source code was inadvertently exposed to the internet last week.

An unknown party appears to have snatched GrayKey's source code and leaked a portion of the data online, reports Motherboard. Alongside the code, the hacker or hackers included a message threatening to distribute more of GrayKey unless Grayshift places two Bitcoin, currently worth about $19,000, into a secure account.

The company confirmed the breach, but says no sensitive data was exposed in the incident.

"Due [to] a network misconfiguration at a customer site, a GrayKey unit's UI was exposed to the internet for a brief period of time earlier this month," Grayshift said in a statement. "During this time, someone accessed the HTML/Javascript that makes up our UI. No sensitive IP or data was exposed, as the GrayKey was being validation tested at the time. We have since implemented changes to help our customers prevent unauthorized access."

The anonymous party posted two separate messages requesting payment from Grayshift, each of which included a snippet of code that appears to be associated with GrayKey's user interface. Grayshift maintains the hackers failed to glean code responsible for operating a GrayKey box, or functional code responsible for cracking an iPhone.

GrayKey garnered media attention in March as a cost-effective digital forensics solution designed specifically to unlock password-protected iPhone hardware. Advertised in two "flavors," GrayKey is available as an internet-connected, limited-use unit for $15,000, while an unrestricted standalone version sells for $30,000.

The device itself is a small gray box with two Lightning connectors. Once an iPhone is attached, the device inserts what appears to be jailbreak software that leverages an as-yet-undisclosed zero-day exploit to bypass built-in iOS security protocols.

To thwart brute force attacks, commonly used by automated passcode guessing solutions, Apple employs a mechanism that delays input after incorrect attempts. Specifically, iOS institutes mandatory pauses after four consecutive attempts, running from one minute for a fifth unsuccessful attempt to one hour for the ninth consecutive error. An additional protection allows iPhone owners to wipe their device on a tenth unsuccessful attempt.

GrayKey is able to bypass each failsafe, including the automated data erase option. The method has proven capable of unlocking devices up to iPhone X running iOS 11.3.

A report earlier this month suggests GrayKey can break a simple four-digit code in a matter of minutes, while a six-digit code — now the standard for iOS — takes an average of 11 hours. Longer ten-digit and alphanumeric codes, however, can take up to 25 years to break.
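The timing figures above are consistent with a single fixed guess rate, which is what an exhaustive search looks like once the escalating delays are out of the picture. The following Python sketch is an added example, not code from the report or from Grayshift; it assumes "average" means half the keyspace searched at a constant rate, derives that rate from the 11-hour figure, and uses it to size a passcode for a chosen resistance time.

```python
# Added example: passcode sizing from the timing figures reported on this page.
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Reported figure: a six-digit passcode takes 11 hours on average.
# Assumption: "average" = half of the 10**6 keyspace at a constant rate.
REPORTED_AVG_HOURS_6_DIGIT = 11
GUESSES_PER_SECOND = (10**6 / 2) / (REPORTED_AVG_HOURS_6_DIGIT * 3600)


def worst_case_seconds(alphabet_size: int, length: int) -> float:
    """Time to try every passcode of this alphabet and length."""
    return alphabet_size**length / GUESSES_PER_SECOND


def average_seconds(alphabet_size: int, length: int) -> float:
    """Expected time when the passcode is uniformly random."""
    return worst_case_seconds(alphabet_size, length) / 2


def min_length(alphabet_size: int, target_years: float) -> int:
    """Shortest passcode whose worst-case search time meets the target."""
    length = 1
    while worst_case_seconds(alphabet_size, length) < target_years * SECONDS_PER_YEAR:
        length += 1
    return length


def describe(seconds: float) -> str:
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.0f} seconds"


if __name__ == "__main__":
    print(f"implied rate: {GUESSES_PER_SECOND:.2f} guesses/second")
    # (alphabet size, length): digits only, then lowercase letters plus digits
    for alphabet, length in ((10, 4), (10, 6), (10, 10), (36, 6), (36, 8)):
        print(f"{alphabet:>2} symbols x {length:>2}: "
              f"average {describe(average_seconds(alphabet, length))}, "
              f"worst case {describe(worst_case_seconds(alphabet, length))}")
    print("digits needed for 1 year worst case:", min_length(10, 1.0))
    print("alphanumeric chars for 25 years:", min_length(36, 25.0))
```

At the implied rate, a four-digit code falls in minutes and a ten-digit code takes about 25 years in the worst case, matching the reported figures.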

Boasting a fairly rapid unlocking process on the cheap, GrayKey has enjoyed high demand from a variety of law enforcement agencies. Reports this month suggest Grayshift is selling units to local police departments and federal government agencies including the State Department, while the Secret Service and Drug Enforcement Agency have shown interest in the technology.

There are a number of unanswered questions surrounding GrayKey, some of which touch on security concerns related to a network-attached unlocking tool. As the exact workings of GrayKey remain under lock and key, some wonder whether the device can be remotely accessed or if third parties can intercept data sent from the box to Grayshift servers.

Today's news is troubling not only for Grayshift, but for iPhone owners as well. If the hackers were able to secure GrayKey's source code, as they claim, the information could theoretically be acquired by unscrupulous organizations or individuals. Indeed, the extortionists have set up a secondary address to accept Bitcoin offers from "wild bidders" interested in procuring the alleged code. Of course, this second address could merely be a ploy to push Grayshift into paying the ransom, but the specter of a fully developed iPhone unlocking tool floating in the wild remains.

So far, neither account has received payment, the report said.



50 Comments

macseeker 8 Years · 541 comments

This is too fun. Time for some fine bubbly.

radarthekat 12 Years · 3904 comments

Seems Apple should be able to shut down this exploit.  A code review is in order, and I imagine, in process.  At some point Apple will likely find a method to completely block jail breaking.  Perhaps there’s a means by which a gatekeeper hardware solution could be built in that requires a handshake with an Apple server before any kind of change representing a traditional jailbreak could be stored to the phone or run in memory.  Shut down these software exploits the jail breakers always seem to be able to identify.  

georgie01 8 Years · 437 comments

I’m quite pleased this firm developed this product. It shows the fuss the FBI and other law enforcement agencies is unfounded, that it’s the responsibility of others to work out solutions to get at the data rather than ask the manufacturers to solve law enforcement’s problems.

It also shows the lack of willingness of the FBI and other law enforcement agencies to sacrifice security for freedom (which is very shortsighted because it solves an immediate problem while creating a much bigger one) is even more problematic, because the problem can be solved.

seanismorris 8 Years · 1624 comments

Criminals are stuuuuupid.  Now the FBI is 2x motivated to shut them up. 
(One because extortion is illegal.  Two because they don’t want the code leaked and the vulnerability patched)

roake 10 Years · 820 comments

georgie01 said:
I’m quite pleased this firm developed this product. It shows the fuss the FBI and other law enforcement agencies is unfounded, that it’s the responsibility of others to work out solutions to get at the data rather than ask the manufacturers to solve law enforcement’s problems.

It also shows the lack of willingness of the FBI and other law enforcement agencies to sacrifice security for freedom (which is very shortsighted because it solves an immediate problem while creating a much bigger one) is even more problematic, because the problem can be solved.

With all due respect, the FBI has a great deal of willingness to sacrifice both.