In late 2017, word of a new iPhone unlocker device started to circulate: a device called GrayKey, made by a company named Grayshift. Based in Atlanta, Georgia, Grayshift was founded in 2016, and is a privately-held company with fewer than 50 employees. Little was known publicly about this device—or even whether it was a device or a service.
Recently, According to Motherboard, the code in question “does not appear to be particularly sensitive,” but Grayshift did confirm that a “brief” data leak had occurred. Grayshift says that no sensitive IP or data was exposed, and Motherboard confirms that the leaked code appears to be related to the user interface that displays messages on the GrayKey, but it’s clear that Grayshift security is not airtight, raising questions about what kind of data might be accessible to hackers.
Last week, unknown hackers leaked portions of the GrayKey code and demanded two bitcoin from Grayshift with the threat of additional data being leaked.
GrayKey is a gray box, four inches wide by four inches deep by two inches tall, with two lightning cables sticking out of the front. Two iPhones can me connected one at a time and it is connected for about two minutes. After that they are disconnected from their device. Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source. It can take up to three days or longer for six-digit passcodes. Even disabled phones can be unlocked, according to Grayshift.
There are two kinds of graykey’s devices, first one is $5,000 option, requires Internet connectivity to work and it’s strictly geofenced which means that it cannot be used on any other network. The second one is $30,000 option. Here in this option no internet connection is required and has no limits to the number of unlocks. The offline model does require token-based two-factor authentication as a replacement for geofencing for ensuring security.
The news is not only a trouble for GrayShift but also for the iPhone users as well. If the hackers were able to secure GrayKey’s source code, as they claim, the information could theoretically be acquired by unscrupulous organizations or individuals. An iPhone typically contains all manner of sensitive information: account credentials, names and phone numbers, email messages, text messages, banking account information, even credit card numbers or social security numbers. All of this information, has value on the black market, and can be used to steal your identity, access your online accounts, and steal your money. So it’s risky if your iPhone has been stolen because anything can happen.