A tiny US company called Grayshift is reportedly quietly touting software it claims can unlock Apple’s flagship handsets, the iPhone X and 8.
This follows a similar claim by Israeli company Cellebrite last week which, it later emerged, was good for every iPhone up to the latest version of iOS, 11.2.6.
That’s two iOS unlocking stories in a few days, both based on anonymous sources talking to the same journalist.
Naked Security has already looked at the Cellebrite claims, so how does this latest one stack up?
The important questions are: under what conditions can unlocking be achieved, how was it achieved in the first place, and what might Apple do in response?
According to Grayshift’s reported marketing materials, the iPhone X and 8 unlock tool is called GrayKey, which costs $15,000 for the 300-use online version or double that for unlimited use offline.
In addition to unlocking iOS 11, the company says the tool can also tackle iOS 10 devices, with support for iOS 9 not far off, which puts it on par with Cellebrite.
The story’s details aren’t crystal clear but the term “unlocking” appears to mean what one would assume – access to data stored on the device.
If the claims are true, it’s possible they’ve found a way around Apple’s Secure Enclave, a system-within-a-system chip, present from the iPhone 5s onwards, that secures encryption keys independently of the OS itself.
Researchers have speculated about how this might be attacked in the past but it would probably require more than simply firing up an unknown iOS-themed exploit or two.
It is also not clear how much of a barrier Apple’s passcode restrictions might still be (i.e. wiping the device after 10 incorrect passcodes, increasing the time between guesses) to GrayKey customers.
Intriguingly, Grayshift claims its software will work against disabled iPhones, which is one of the states an iPhone can enter if a passcode is entered incorrectly too many times.
What does this mean?
It appears that as long as they have physical access to an Apple device and enough time, the FBI (and presumably other agencies) can probably find a way to access its data some or most of the time.
This is not something criminals could use against Apple users for a remote compromise. Until more details emerge it’s impossible to be more specific than that.
Meanwhile, as suggested in our previous look at this story, setting a passcode longer than six digits is always a good idea.
The next part of this story will centre around how long Cellebrite and Grayshift will be able to keep secret any vulnerabilities they’ve found in Apple’s security.
Most likely, someone will either discover and publish the vulnerabilities independently, or Apple will get wind of them by other means.
4 comments on “Second company claims it can unlock iPhone X”
So for 30k, anyone can start a business unlocking them. Guess iPhone theft is going to go through the roof now…. forget about secure passwords, time to attach a chain to them like the old biker wallets.
The article does not make clear *why* only the FBI/other agencies, but not ‘criminals’, can probably now access devices. What does the $15K fee do, then? That implies that anyone who pays the fee will get the software and be able to break access codes. Really confusing. Unless…the company only sells to government agencies? But nowhere in the article is that stated.
Right, anyone can buy it. And since breaking encryption is illegal, only criminals will buy it – no matter who they work for. Which surely the NSA jumped on, since it’s not their money and it violates US law…
“This is not something criminals could use against Apple users for a remote compromise. Until more details emerge it’s impossible to be more specific than that.”
The key phrase there is the remote compromise, they haven’t suggested the ethics of the company is a bar to this ability, it is instead the physical access to the user’s device.