Join Us!

Notifications
Clear all

Graykey  

Page 1 / 2
  RSS
StreetForensics
(@streetforensics)
Member

I just learned of a 'new' product claiming to be able to bypass iOS devices.

https://graykey.grayshift.com/

Anyone heard of it? Have it?

My concern is once Apple discovers this, the next update will break this $15k tool…..

Quote
Posted : 05/03/2018 6:53 pm
RolfGutmann
(@rolfgutmann)
Community Legend

No theard before. But I do not trust this. 15k is way to cheap. At Zerodium you pay 1'000k plus for 0ds in this area. Can be a new pentester trying to cash-in on-large to top a one-shot BugBountyFee.

ReplyQuote
Posted : 05/03/2018 7:50 pm
Igor_Michailov
(@igor_michailov)
Senior Member

Anyone heard of it? Have it?

Mysterious $15,000 'GrayKey' Promises To Unlock iPhone X For The Feds

https://www.forbes.com/sites/thomasbrewster/2018/03/05/apple-iphone-x-graykey-hack/#3111d4ce2950

US LE only

ReplyQuote
Posted : 05/03/2018 9:21 pm
Mreza
(@mreza)
Member

"With its service offering, Cellebrite can retrieve (without needing to root or jailbreak the device) the full file system to recover downloaded emails, third-party application data, geolocation data and system logs. Agencies can either provide the device already unlocked, furnish the known passcode, or use Cellebrite’s Advanced Unlocking Services to unlock the device."

https://www.forbes.com/sites/thomasbrewster/2018/02/26/government-can-access-any-apple-iphone-cellebrite/#286360b3667a

The service cost as little as $ 1,500 per unlock

ReplyQuote
Posted : 06/03/2018 9:53 am
Igor_Michailov
(@igor_michailov)
Senior Member

The service cost as little as $ 1,500 per unlock

The price is different for countries, departments / firms and devices.

I've heard about 8000$ per device.

ReplyQuote
Posted : 06/03/2018 10:39 am
surfandwork
(@surfandwork)
Junior Member

I watched their live webinar 2 days ago. Lots of info on the product and a live demo. They will have another webinar next week. Register on their website. For now it is available for US and Canada law enforcement only.

They are constantly researching new ways to get in iOS so if Apple closes one method they will have another way to get in the device.

The device will get the iPhone/iPad's passcode, get decrypted keychain, get a full file system image, "fix" (too many passcode attempt) disabled device, and other features I cannot remember. The most interesting feature I learned was it gets emails.

The device works on iPhone 5 to X and all iPads. iOS 9.2 to latest 11.#.

We plan to purchase one just for the backlog of iPhones we have is worth it. We sent almost 10 iPhones to Cellebrite in the last year.

ReplyQuote
Posted : 09/03/2018 5:58 pm
StreetForensics
(@streetforensics)
Member

I watched the webinar too. Yup, it worked as described/advertised and I would love to get one too… but my fear is with the cost. Once Apple changes hardware/software and 'breaks' this $15k tool how long before they make it work again or will it require a new purchase… of another cool gadget. I know this is the game we're in but I am in a small agency, my annual budget isn't even the cost of this one tool.

Please, once you get it keep us posted here on your success with it especially when the next iPhone drops or software update occurs.

ReplyQuote
Posted : 09/03/2018 10:16 pm
MrMacca
(@mrmacca)
New Member

Do you have a link to the webinar?

Struggling to find any information about this device, but if what is advertised is true, it would be very beneficial.

Kind regards

ReplyQuote
Posted : 12/03/2018 10:26 am
StreetForensics
(@streetforensics)
Member

Do you have a link to the webinar?

Struggling to find any information about this device, but if what is advertised is true, it would be very beneficial.

Kind regards

Sign up for the next webinar from the company https://graykey.grayshift.com/

As for other information on this tool, it's very new so there may not be much out there yet…

ReplyQuote
Posted : 12/03/2018 5:31 pm
AmNe5iA
(@amne5ia)
Active Member
jaclaz
(@jaclaz)
Community Legend

Another blog article
https://blog.malwarebytes.com/security-world/2018/03/graykey-iphone-unlocker-poses-serious-security-concerns/

jaclaz

ReplyQuote
Posted : 18/03/2018 7:10 pm
droopy
(@droopy)
Active Member

I think they break iphone master algorythm.
There are some services out there that break apple master key, Thats why they need internet to grab this information and send it to the supercomputer to break it.

ReplyQuote
Posted : 19/03/2018 12:26 pm
jaclaz
(@jaclaz)
Community Legend

…Thats why they need internet to grab this information and send it to the supercomputer to break it.

Form the article

The GrayKey device itself comes in two “flavors.” The first, a $15,000 option, requires Internet connectivity to work. It is strictly geofenced, meaning that once it is set up, it cannot be used on any other network.

However, there is also a $30,000 option. At this price, the device requires no Internet connection whatsoever and has no limit to the number of unlocks. It will work for as long as it works; presumably, until Apple fixes whatever vulnerabilities the device relies on, at which time updated phones would no longer be unlockable.

jaclaz

ReplyQuote
Posted : 19/03/2018 12:58 pm
arcaine2
(@arcaine2)
Active Member

There are some services out there that break apple master key, Thats why they need internet to grab this information and send it to the supercomputer to break it.

Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked. Some time later, the phones will display a black screen with the passcode, among other information.

This may rather suggest that cracking is being done on the iPhone itself.

ReplyQuote
Posted : 19/03/2018 5:28 pm
UnallocatedClusters
(@unallocatedclusters)
Senior Member

My two cents

Cellebrite (and I would assume MSAB-XRY and other major players) have significant R&D departments who are constantly researching and updating their software.

Cellebrite regularly ships out specialized USB cables which have screen bypass exploit capabilities at no charge to current subscribers. (I do not own MSAB-XRY so I cannot speak to MSAB-XRY customer experience, which seems to be excellent based upon this board's feedback).

So my major concern with the GrayShift / GrayKey offering is longevity and depth. $15k-$30k is not an insubstantial investment, so one would hope to see continued product updates and outstanding customer service.

It is not apparent from the GrayShift website how many employees exist within GrayShift so they may very well be five people in total (pure speculation on my part).

Does anyone else agree that customer service, training, and R&D are important factors in making a significant long term technology investment?

ReplyQuote
Posted : 19/03/2018 10:09 pm
Page 1 / 2
Share: