A clandestine startup with a former Apple engineer as co-founder has built a device that is guaranteed to unlock any iPhone in a matter of hours. Known as GrayKey, the device works by exploiting known weaknesses in the device’s design.
Grayshift, a company based in Atlanta, reportedly sells two different versions of the device. The first one costs $15,000, and it can unlock 300 iPhones but needs an internet connection. The second one costs $30,000, it will unlock an unlimited number of iPhones and it does not require an internet connection.
According to public records, Indiana State Police recently placed the first order for the $15,000 version.
Just before last weekend Malwarebytes, a security software firm based in Santa Clara, released pictures and screenshots of how GrayKey actually works.
Malwarebytes says the device features two Lightning cables, enabling law enforcement agencies to connect to two phones at the same time. GrayKey reportedly return’s the device’s security code within two hours and can then download its full database for scrutiny.
Early in 2016, Apple was taken to court by the FBI because it refused to unlock an iPhone that belonged to one of the suspected individuals in the San Bernardino shooting. The FBI later decided to drop the case, stating that it had located a firm that could unlock the phone for them.
According to some reports, the bureau used Cellebrite, a security company from Israel that claims it can unlock iPhones in one of its two secure labs. Where Grayshift’s model differs from that of Cellebrite is that it enables the police to unlock any iPhone without involving a third party.
David Miles, an experienced cyber-security engineer and former director of development and research at IBM’s Internet Security group, cofounded Grayshift two years ago. Braden Apple, who previously worked as an engineer at Apple, also works for the firm.