I just learned of a 'new' product claiming to be able to bypass iOS devices.
https://graykey.grayshift.com/
Anyone heard of it? Have it?
My concern is once Apple discovers this, the next update will break this $15k tool…..
No theard before. But I do not trust this. 15k is way to cheap. At Zerodium you pay 1'000k plus for 0ds in this area. Can be a new pentester trying to cash-in on-large to top a one-shot BugBountyFee.
Anyone heard of it? Have it?
Mysterious $15,000 'GrayKey' Promises To Unlock iPhone X For The Feds
https://www.forbes.com/sites/thomasbrewster/2018/03/05/apple-iphone-x-graykey-hack/#3111d4ce2950
US LE only
"With its service offering, Cellebrite can retrieve (without needing to root or jailbreak the device) the full file system to recover downloaded emails, third-party application data, geolocation data and system logs. Agencies can either provide the device already unlocked, furnish the known passcode, or use Cellebrite’s Advanced Unlocking Services to unlock the device."
The service cost as little as $ 1,500 per unlock
The service cost as little as $ 1,500 per unlock
The price is different for countries, departments / firms and devices.
I've heard about 8000$ per device.
I watched their live webinar 2 days ago. Lots of info on the product and a live demo. They will have another webinar next week. Register on their website. For now it is available for US and Canada law enforcement only.
They are constantly researching new ways to get in iOS so if Apple closes one method they will have another way to get in the device.
The device will get the iPhone/iPad's passcode, get decrypted keychain, get a full file system image, "fix" (too many passcode attempt) disabled device, and other features I cannot remember. The most interesting feature I learned was it gets emails.
The device works on iPhone 5 to X and all iPads. iOS 9.2 to latest 11.#.
We plan to purchase one just for the backlog of iPhones we have is worth it. We sent almost 10 iPhones to Cellebrite in the last year.
I watched the webinar too. Yup, it worked as described/advertised and I would love to get one too… but my fear is with the cost. Once Apple changes hardware/software and 'breaks' this $15k tool how long before they make it work again or will it require a new purchase… of another cool gadget. I know this is the game we're in but I am in a small agency, my annual budget isn't even the cost of this one tool.
Please, once you get it keep us posted here on your success with it especially when the next iPhone drops or software update occurs.
Do you have a link to the webinar?
Struggling to find any information about this device, but if what is advertised is true, it would be very beneficial.
Kind regards
Do you have a link to the webinar?
Struggling to find any information about this device, but if what is advertised is true, it would be very beneficial.
Kind regards
Sign up for the next webinar from the company https://graykey.grayshift.com/
As for other information on this tool, it's very new so there may not be much out there yet…
Another blog article
https://blog.malwarebytes.com/security-world/2018/03/graykey-iphone-unlocker-poses-serious-security-concerns/
jaclaz
I think they break iphone master algorythm.
There are some services out there that break apple master key, Thats why they need internet to grab this information and send it to the supercomputer to break it.
…Thats why they need internet to grab this information and send it to the supercomputer to break it.
Form the article
The GrayKey device itself comes in two “flavors.” The first, a $15,000 option, requires Internet connectivity to work. It is strictly geofenced, meaning that once it is set up, it cannot be used on any other network.
However, there is also a $30,000 option. At this price, the device requires no Internet connection whatsoever and has no limit to the number of unlocks. It will work for as long as it works; presumably, until Apple fixes whatever vulnerabilities the device relies on, at which time updated phones would no longer be unlockable.
jaclaz
There are some services out there that break apple master key, Thats why they need internet to grab this information and send it to the supercomputer to break it.
Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked. Some time later, the phones will display a black screen with the passcode, among other information.
This may rather suggest that cracking is being done on the iPhone itself.
My two cents
Cellebrite (and I would assume MSAB-XRY and other major players) have significant R&D departments who are constantly researching and updating their software.
Cellebrite regularly ships out specialized USB cables which have screen bypass exploit capabilities at no charge to current subscribers. (I do not own MSAB-XRY so I cannot speak to MSAB-XRY customer experience, which seems to be excellent based upon this board's feedback).
So my major concern with the GrayShift / GrayKey offering is longevity and depth. $15k-$30k is not an insubstantial investment, so one would hope to see continued product updates and outstanding customer service.
It is not apparent from the GrayShift website how many employees exist within GrayShift so they may very well be five people in total (pure speculation on my part).
Does anyone else agree that customer service, training, and R&D are important factors in making a significant long term technology investment?