Grayshift becomes second service to promise forensic unlocks for Apple's iPhone 8 & X

Posted:
in iPhone
Adding to the evidence that Apple's latest iPhones are no longer safe from hackers -- legal or otherwise -- a second company has come forward selling its ability to break in.




A startup called Grayshift is advertising a tool called "GrayKey," which costs $15,000 for an always-online version limited to 300 uses, Forbes said on Monday. An unlimited offline edition is priced at $30,000. Grayshift is said to be staffed by U.S. intelligence agency contractors and a former Apple security engineer.

GrayKey is marketed as being able to extract the full filesystem from a device, and brute-force passcodes, despite Apple's safeguards against that practice.

It may be relying on exploits thought to be used by Cellebrite, targeting the Secure Enclave found in every iPhone since the iPhone 5s. Normally it takes longer and longer between brute-force passcode attempts, ultimately up to an hour. With a six-digit passcode, it can take an inordinate amount of time to stumble across correct numbers.

Because GrayKey doesn't require sending devices into a lab, Apple should be able to obtain a copy and reverse-engineer it to discover how it works and fix relevant security holes.

GrayKey is meanwhile said to be cheaper per-device than Cellebrite's product, which is roughly $1,500 per iPhone. Assuming an organization expects to crack at least 300 iPhones, Grayshift's price works out to just $50 for each hack.

Although companies like Grayshift and Cellebrite may be used in legitimate efforts by law enforcement and spy agencies, critics have worried that those same agencies can potentially help governments -- and corporations -- abuse their reach.
«1

Comments

  • Reply 1 of 23
    lkrupplkrupp Posts: 6,530member
    So Android wins the security war after all, hand down. No mention of any other platforms they can hack so I guess it’s all over for iOS users, huh. Oh, Cellebrite admits they do need physical access so there’s that.

    How long till my personal iPhone is hacked? Should I switch to Android now so I’m safe? I’m dead serious. We never hear a peep about Android security so I must assume it’s impregnable. No bragging from Cellebrite opr Grayshift about cracking Windows or Android so... won’t ISIS and Al Qaeda just switch to Android now? Wouldn’t Apple save a lot of money by just forgetting about security since there is none anymore?
    edited March 5 anantksundaramaegeanmac_dogGeorgeBMacwatto_cobra
  • Reply 2 of 23
    fallenjtfallenjt Posts: 3,931member
    lkrupp said:
    So Android wins the security war after all, hand down. No mention of any other platforms they can hack so I guess it’s all over for iOS users, huh. Oh, Cellebrite admits they do need physical access so there’s that.

    How long till my personal iPhone is hacked? Should I switch to Android now so I’m safe? I’m dead serious. We never hear a peep about Android security so I must assume it’s impregnable. No bragging from Cellebrite opr Grayshift about cracking Windows or Android so...
    There is NO security for Android. Everyone can hack any android device. So, government doesn't need any help while iOS is good for money makers because Apple straight up refused to unlock it for the government.
    king editor the graterob53jony0charlesatlasMuntzchiaJFC_PAracerhomie3watto_cobra
  • Reply 3 of 23
    toysandmetoysandme Posts: 185member
    lkrupp said:

    How long till my personal iPhone is hacked? Should I switch to Android now so I’m safe? I’m dead serious. ...

    FYI: Every cab driver and their mother can access Android phones. The OS is designed by Google, so what do you expect? The company that’s demonetized and destroyed thousands of YouTube and Gmail accounts over the past couple of months with no end in sight. Even Dr Jordan Peterson lost 100k+ emails for a while. Google’s name is now memed into Goulag. I avoid Google products like the plague. 
    aegeanMuntzracerhomie3watto_cobra
  • Reply 4 of 23
    sflocalsflocal Posts: 4,308member
    Adding to the evidence that Apple's latest iPhones are no longer safe from hackers -- legal or otherwise -- a second company has come forward selling its ability to break in.

    Okay AI, please provide an official statement from Apple that claimed iPhones were "safe" from hackers to begin with?  
    lkruppanantksundaramSpamSandwich
  • Reply 5 of 23
    sflocalsflocal Posts: 4,308member

    fallenjt said:
    lkrupp said:
    So Android wins the security war after all, hand down. No mention of any other platforms they can hack so I guess it’s all over for iOS users, huh. Oh, Cellebrite admits they do need physical access so there’s that.

    How long till my personal iPhone is hacked? Should I switch to Android now so I’m safe? I’m dead serious. We never hear a peep about Android security so I must assume it’s impregnable. No bragging from Cellebrite opr Grayshift about cracking Windows or Android so...
    There is NO security for Android. Everyone can hack any android device. So, government doesn't need any help while iOS is good for money makers because Apple straight up refused to unlock it for the government.
    toysandme said:
    lkrupp said:

    How long till my personal iPhone is hacked? Should I switch to Android now so I’m safe? I’m dead serious. ...

    FYI: Every cab driver and their mother can access Android phones. The OS is designed by Google, so what do you expect? The company that’s demonetized and destroyed thousands of YouTube and Gmail accounts over the past couple of months with no end in sight. Even Dr Jordan Peterson lost 100k+ emails for a while. Google’s name is now memed into Goulag. I avoid Google products like the plague. 
    I think LKrupp was being sarcastic guys.  Seriously though... one never hears about the huge security hole that is Android, nor raises a stink about it.  A blind man with no arms and legs can break into an Android phone, yet no one discusses it, yet that one or two articles about some firms that go through some serious technical and engineering exploits to break into an iPhone gets all the news and implies that now any iPhone at any time can be hacked?  Seriously?  

    No phone, no OS, is 100% secure.  FACT.  Given enough time and resources, any device can be broken into.  Why AI is casually implying that iOS was 100% secure just screams of clickbait.
    georgie01DAalsethMuntzchiaracerhomie3muthuk_vanalingamwatto_cobra
  • Reply 6 of 23
    Apple will soon plug this hole. More security BS.
    Muntzwatto_cobra
  • Reply 7 of 23
    lkrupplkrupp Posts: 6,530member
    sflocal said:
    Adding to the evidence that Apple's latest iPhones are no longer safe from hackers -- legal or otherwise -- a second company has come forward selling its ability to break in.

    Okay AI, please provide an official statement from Apple that claimed iPhones were "safe" from hackers to begin with?  
    It’s just like all the other crap said about Apple. Apple never said OS X was free from viruses, malware, trojans, etc. It was overzealous fanboys who claimed that and the trolls ran with it. All Apple ever says is that security is one of its top priorities and that the company works tirelessly to improve it. Apple never said iPhones couldn’t be hacked. Again it was clueless zealots. Apple touts its efforts to improve security (like the secure enclave) but it’s the fanboys and trolls that spin it to mean iOS is impregnable.
    gatorguymuthuk_vanalingamGeorgeBMacwatto_cobraavon b7
  • Reply 8 of 23
    Since I use my fingerprint to open my phone, I have no issue using a 15 character passphrase, upper and lower case letters, numbers and special characters. Good luck brute force cracking that. And I’m not even a criminal!
    jdb8167mac_dogracerhomie3watto_cobra
  • Reply 9 of 23
    sflocal said:
    Adding to the evidence that Apple's latest iPhones are no longer safe from hackers -- legal or otherwise -- a second company has come forward selling its ability to break in.

    Okay AI, please provide an official statement from Apple that claimed iPhones were "safe" from hackers to begin with?  
    ^^

    Second
    SpamSandwichmuthuk_vanalingam
  • Reply 10 of 23
    maestro64maestro64 Posts: 4,341member
    It sound like apple left a door open if these companies found a way in. Even the jailbreaking communities have not found a way to hack the phone.
  • Reply 11 of 23
    georgie01georgie01 Posts: 198member
    I had initially thought the source code leak was probably insignificant, but with the timing of these two accouncements perhaps there was something significant Apple didn’t realise.

    Apple will most certainly fix the vulnerabilities at some point and then the chase will resume. For now, it’s good news for law enforcement agencies (with good intentions) and bad news for consumers until Apple fixes the issue(s).
    Muntzwatto_cobra
  • Reply 12 of 23
    SpamSandwichSpamSandwich Posts: 30,272member
    georgie01 said:
    I had initially thought the source code leak was probably insignificant, but with the timing of these two accouncements perhaps there was something significant Apple didn’t realise.

    Apple will most certainly fix the vulnerabilities at some point and then the chase will resume. For now, it’s good news for law enforcement agencies (with good intentions) and bad news for consumers until Apple fixes the issue(s).
    I'd almost be willing to bet that at some point in the past or today there have been US intelligence operatives posing as employees at Apple, collecting information to feed to the three letter agencies.
    Muntzmac_dogracerhomie3muthuk_vanalingambeowulfschmidtwatto_cobra
  • Reply 13 of 23
    husker_neoconhusker_neocon Posts: 1unconfirmed, member
    Apple can't buy this product. Sold to Law Enforcement only
  • Reply 14 of 23
    MuntzMuntz Posts: 26member
    lkrupp said:
    So Android wins the security war after all, hand down. No mention of any other platforms they can hack so I guess it’s all over for iOS users, huh. Oh, Cellebrite admits they do need physical access so there’s that.

    How long till my personal iPhone is hacked? Should I switch to Android now so I’m safe? I’m dead serious. We never hear a peep about Android security so I must assume it’s impregnable. No bragging from Cellebrite opr Grayshift about cracking Windows or Android so... won’t ISIS and Al Qaeda just switch to Android now? Wouldn’t Apple save a lot of money by just forgetting about security since there is none anymore?
    Great time for you to put all the money you’ll save buying a mid-range Android device into a palette of Depends for Seniors.
  • Reply 15 of 23
    jdb8167jdb8167 Posts: 118member
    With physical access, you have to assume that a brute force crack is possible. So, if this concerns you, use a strong passcode or passphrase. I use a 12 digit passcode. If these devices can do 20 attempts per second (50 ms/attempt) then it will take 1500+ years per device that is trying the crack. Since it is unlikely that they can clone the Secure Enclave, that is about as good as it is going to get. The 50 ms is enforced by the SE and is unlikely to be hackable.
    watto_cobra
  • Reply 16 of 23
    JFC_PAJFC_PA Posts: 234member
    Apple will soon plug this hole. More security BS.
    OR you can plug it yourself right now. Simply use a complex password as above: that will defeat brute force hacks which is basically what the speculation is being used here. Their “truck” is getting around the try counter, but that only works when the password is subject to brute force, go complex and they’ll fail. 
    watto_cobra
  • Reply 17 of 23
    Two companies now can hack iPhone, only a few weeks after the leak of the source code by one of Apple's employee (probably ex-employee.)
  • Reply 18 of 23
    foggyhillfoggyhill Posts: 4,767member
    Two companies now can hack iPhone, only 2 weeks after the leak of the source code by one of Apple's employee (probably ex-employee.)
    Celebrite could ALREADY do it, so not sure wth you are talking about and it wasn't a new version of IOS either that leaked.
  • Reply 19 of 23
    georgie01 said:
    I had initially thought the source code leak was probably insignificant, but with the timing of these two accouncements perhaps there was something significant Apple didn’t realise.

    Apple will most certainly fix the vulnerabilities at some point and then the chase will resume. For now, it’s good news for law enforcement agencies (with good intentions) and bad news for consumers until Apple fixes the issue(s).
    I'd almost be willing to bet that at some point in the past or today there have been US intelligence operatives posing as employees at Apple, collecting information to feed to the three letter agencies.

    Even with my tin foil hat on, that is a virtual certainty.  Of course, it's likely true of every other major tech company in the U.S. as well, along with many foreign ones.  Industrial espionage is a thing, and it's not just practiced by industry.
    watto_cobra
  • Reply 20 of 23
    GeorgeBMacGeorgeBMac Posts: 3,273member
    lkrupp said:
    So Android wins the security war after all, hand down. No mention of any other platforms they can hack so I guess it’s all over for iOS users, huh. Oh, Cellebrite admits they do need physical access so there’s that.

    How long till my personal iPhone is hacked? Should I switch to Android now so I’m safe? I’m dead serious. We never hear a peep about Android security so I must assume it’s impregnable. No bragging from Cellebrite opr Grayshift about cracking Windows or Android so... won’t ISIS and Al Qaeda just switch to Android now? Wouldn’t Apple save a lot of money by just forgetting about security since there is none anymore?
    ROFL... 
    You trouble maker!   See what you started?  You got the cult all riled up...
    ....  I'll bet you were the one who glued the teacher's book closed in grade school too!
    watto_cobra
Sign In or Register to comment.