Story image

iPhone unlockers set a dangerous precedent for abuse, says security expert

26 Mar 2018

Despite Apple’s refusals to provide iPhone unlocking privileges to law enforcement officials like the FBI, it seems there is always one way to circumvent the process.

Security researchers at Malwarebytes Labs have uncovered a third party provider that can unlock iPhones, even despite Apple’s own processes to stop it.

That may be a win for the FBI. The feud between the agency and Apple has been brewing since 2015, when the FBI ordered Apple to help unlock an iPhone after a shooting in the United States.

The FBI hired an Israel-based digital forensics firm by the name of Cellebrite to help unlock the device.

According to the company’s website, “Cellebrite provides law enforcement, military and intelligence, and enterprise customers with the most complete, industry-proven range of solutions that encompass digital forensics, triage, and analytics.”

But Malwarebytes researchers believe Cellebrite is not the only company offering iPhone unlocking services.

A US-based firm called Grayshift reportedly manufactures iPhone unlocker devices called GrayKey. Until recently, little was known about how the devices work and what they do.

Malwarebytes researcher Thomas Reed posted details about how the device works – essentially it is a box that can connect up to two iPhones.

“An iPhone typically contains all manner of sensitive information: account credentials, names and phone numbers, email messages, text messages, banking account information, even credit card numbers or social security numbers. All of this information, even the most seemingly innocuous, has value on the black market, and can be used to steal your identity, access your online accounts, and steal your money,” Reed says.

The phones connect to GrayKey for approximately two minutes. The phones are then disconnected and then approximately two hours later, the phone will display a screen with the passcode and other information.

“It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, according to Grayshift,” Reed explains.

But those who want to unlock phones need to pay more than US$15,000 (AU$19,460) to purchase an offline device and more than US$30,000 (AU$38,920) for an online device.

Reed believes that because the device exists and apparently works, it will be a ‘boon’ for law enforcement. It could also be easily stolen and would be worth a high price on the black market, potentially giving thieves the chance to unlock the phones, harvest data and resell them.

He also says it’s unclear what GrayKey does to the device during the jailbreaking process.

 “A jailbreak involves using a vulnerability to unlock a phone, giving access to the system that is not normally allowed. What happens to the device once it is released back to its owner? Is it still jailbroken in a non-obvious way? Is it open to remote access that would not normally be possible? Will it be damaged to the point that it really can’t be used as intended anymore, and will need to be replaced? It’s unknown, but any of these are possibilities,” Reed asks.

He also says that little is known about what security is present on the GrayKey device, and if data transfer is encrypted.

Reed believes that there is potential for innocent people’s devices to be seized and searched with or without consent. Security of that data is not just a threat to the user, but also a liability for the authorities, he claims.

He also admits that there is little information about Grayshift and its sales models. With so much uncertainty, he issues a warning:

“It’s highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime, whether directly from Grayshift or indirectly through the black market,” Reed concludes.

Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.