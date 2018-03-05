Mysterious $15,000 'GrayKey' Promises To Unlock iPhone X For The Feds (forbes.com) 34
Thomas Fox-Brewster, reporting for Forbes: Just a week after Forbes reported on the claim of Israeli U.S. government manufacturer Cellebrite that it could unlock the latest Apple iPhone models, another service has emerged promising much the same. Except this time it comes from an unkown entity, an obscure American startup named Grayshift, which appears to be run by long-time U.S. intelligence agency contractors and an ex-Apple security engineer. In recent weeks, its marketing materials have been disseminated around private online police and forensics groups, offering a $15,000 iPhone unlock tool named GrayKey, which permits 300 uses. That's for the online mode that requires constant connectivity at the customer end, whilst an offline version costs $30,000. The latter comes with unlimited uses. Another ad showed Grayshift claiming to be able to unlock iPhones running iOS 10 and 11, with iOS 9 support coming soon. It also claims to work on the latest Apple hardware, up to the iPhone 8 and X models released just last year. In a post from one private Google group, handed to Forbes by a source who asked to remain anonymous, the writer indicated they'd been demoed the technology and that it had opened an iPhone X.
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Being that this service is being labeled "Mysterious". I expect they are opening up the phone, tapping into the storage media. Downloading all the data. The brute forcing it until they get in. Being most people just use a 4 digit pin. That means 9999 possible combination. If they use a password, then we have the brute force password hacking algorithms.
Such a process I would expect the 30k to be a reasonable price. Taking account opening an iPhone without breaking it, skills to tap into a soldered SD Driv
It's a software solution (Score:2)
At least according to the description.
We just need the galactic key (Score:2)
Pirated in 3...2...1... (Score:2)
That ex-Apple employee (Score:1)
Could Apple go after him for undermining their current products?
Re: That ex-Apple employee (Score:2)
Apple just spent 30.000$ I guess.
DMCA? (Score:2)
All kidding aside Apple will I'm sure just treat this like any other exploit uncovered and change their product to prevent it. Then they'll create a new tool. Welcome to the endless game of Security Whack-a-Mole.
Re: (Score:3)
It'll suck for the people who spent the $15k or $30k on the product, only to have it stop working not long afterwards.
I'd hopw that $15k/$30k would include upgrades for a long enough time to be worthwhile, otherwise it's a money sink.
law enforcement use can by pass the dmca (Score:2)
law enforcement use can by pass the dmca
Maybe app developers need to start encrypting? (Score:2)
Maybe app developers should consider doing their own encryption for data stored? This could be fairly simple, depending on the persistence of the data. If the data doesn't leave the device, create two nonces, stuff one in KeyChain, have an app PIN or PW unlock the other part, XOR it for the working key. That way, the OS (which is normally secure) maintains security, but the app still has stuff secured by the separate added PIN/passphrase.
If the data has to be backed up, it could be encrypted with a nonce
15 large for 300 uses? Sounds cheap... (Score:2)
OK, 15 grand is a lot for the average individual, but for law enforcement etc. it's peanuts.
Did I not read hear about that Israeli firm charging 100 k a pop?
This is really discounting hard - 50 bucks per phone cracked, (if that's what they're doing).
Re: (Score:2)
Should be considered treason. (Score:2)
This is completely against the publics own interest and should be considered treason, IMHO.
Re: (Score:2)
Definitions mean nothing to the current governing regime.
We're talking about a government that has chosen to take "national security" to include even things that merely *might* be of signifiicant economic interest... to only one particular industry, I might add.
Hardware or software? (Score:2)
Someone suggested that this is a brute-force attack (and TFA even hints at that). I don't buy that, because a brute-force attack involving opening up the phone would be nothing really new. I expect they are exploiting a vulnerability.
So sure, Apple immediately spent $30k for a license, so that they can analyze it. The fascinating question will be: Does the exploit rely on a hardware flaw or a software flaw? If the latter, it will quickly be patched. If this is ultimately relying on some weakness in the hard