iPhone hacking tool GrayKey techniques outlined in leaked instructions


Leaked instructions for GrayShift's GrayKey iPhone unlocking device have surfaced, giving an idea of what the device, intended for law enforcement officials, can do and how it works.

GrayShift's GrayKey is an infamous device used to unlock and pull data from iPhones and iPads owned by suspects, as part of an investigation by law enforcement officials. While the device is known to exist, and has even been photographed as part of FCC filings, a release of details from written instructions for the device provides a better idea of the device's capabilities.

The device effectively functions by performing a brute-force attack against the iPhone's passcode, which is used to secure the smartphone. While not entirely perfect, the system has been known to successfully gain entry into a secured iPhone using its methods.

The instructions, supposedly written by the San Diego Police Department and obtained by Motherboard, initially ask users to "determine if proper search authority has been established for the requested Apple mobile device." They then go on to explain ways the GrayKey can be used, such as Before First Unlock (BFU), when the phone is already on (After First Unlock, AFU), or if it has a damaged screen or low battery.

Leaked instructions for GrayKey [via Motherboard]

The device can install an agent to a device with 2 to 3% battery life remaining, the instructions reveal. The agent is used for the brute force attack, but continuous power is required until the passcode itself is discovered.

Users can elect to have data collected in various ways, such as extracting metadata for inaccessible files, and "immediate extraction" once unlocked.

According to the guidance on brute-forcing an alphanumeric passcode, analysts have to perform extra actions, such as loading a wordlist to try against the password. A default wordlist titled "crackstation-human-only.txt" is provided, which consists of around 1.5 billion words and passwords, though other wordlists can also be used.

Once the agent has been installed, the iPhone is placed into Airplane mode and can be disconnected from GrayKey at that point.

There is also mention of HideUI, an agent that can be used to secretly record a user's passcode if law enforcement hands the iPhone back to the suspect.

Tools like GrayKey have become an important element of police investigations around the world, as law enforcement attempts to get around the core security of operating systems to see a suspect's data. It was allegedly used by the FBI in late 2019 to gain access to a locked iPhone 11 Pro Max as part of a high-profile investigation.
