Home Technology

iPhone hacking tool GrayKey techniques outlined in leaked instructions – AppleInsider

Ads

Copyright © 2022, Quiller Media, Inc.
Contact Us | Privacy Policy
AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.
Leaked instructions for GrayShift’s GrayKey iPhone unlocking device have surfaced, giving an idea of what the device intended for law enforcement officials can do, and how it works.
GrayShift’s GrayKey is an infamous device used to unlock and pull data from iPhones and iPads owned by suspects, as part of an investigation by law enforcement officials. While the device is known to exist, and has even been photographed as part of FCC filings, a release of details from written instructions for the device provides a better idea of the device’s capabilities.
The device effectively functions by performing a brute-force attack against the iPhone’s passcode, which is used to secure the smartphone. While not entirely perfect, the system has been known to successfully gain entry into a secured iPhone using its methods.
The instructions, supposedly written by the San Diego Police Department and obtained by Motherboard, initially ask users to “determine if proper search authority has been established for the requested Apple mobile device.” It then goes on to explain ways the GrayKey can be used, such as Before First Unlock (BFU), when the phone is already on (After First Unlock, AFU,) or if it has a damaged screen or low battery.
The device can install an agent to a device with 2 to 3% battery life remaining, the instructions reveal. The agent is used for the brute force attack, but continuous power is required until the passcode itself is discovered.
Users can elect to have data collected in various ways, such as extracting metadata for inaccessible files, and “immediate extraction” once unlocked.
In guidance on brute-forcing an alphanumeric passcode, analysts have to perform extra actions, such as loading a wordlist used to try against the password. A default wordlist is provided titled “crackstation-human-only.txt, which consists of around 1.5 billion words and passwords, though other wordlists can also be used.
Once the agent has been installed, the iPhone is placed into Airplane mode, and could be disconnected from GrayKey at that time.
There is also mention of HideUI, an agent that can be used to secretly record a user’s passcode, if law enforcement hands it back to the suspect.
Tools like GrayKey have become an important element of police investigations around the world, as law enforcement attempt to get around the core security of operating systems to see a suspect’s data. It was allegedly used by the FBI in late 2019 to gain access to a locked iPhone 11 Pro Max as part of a high-profile investigation.

Keep up with everything Apple in the weekly AppleInsider Podcast — and get a fast news update from AppleInsider Daily. Just say, “Hey, Siri,” to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.

If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple’s Podcasts app, or via Patreon if you prefer any other podcast player.

AppleInsider is also bringing you the best Apple-related deals for Amazon Prime Day 2021. There are bargains before, during, and even after Prime Day on June 21 and 22 — with every deal at your fingertips throughout the event.


Keep up with everything Apple in the weekly AppleInsider Podcast — and get a fast news update from AppleInsider Daily. Just say, “Hey, Siri,” to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.
If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple’s Podcasts app, or via Patreon if you prefer any other podcast player.
AppleInsider is also bringing you the best Apple-related deals for Amazon Prime Day 2021. There are bargains before, during, and even after Prime Day on June 21 and 22 — with every deal at your fingertips throughout the event.

Without the existence of other app stores, it sure sounds like the security model of the iPhone is already gravely threatened by this device.  

But we’re safe because only law enforcement will have access to this device :eyeroll:

Without the existence of other app stores, it sure sounds like the security model of the iPhone is already gravely threatened by this device.  

You need to get your hearing check. You’re going deaf. 

First of all, this device probably cost in the 10’s of 1000’s of dollars and not that easily available. Second, in order for hackers to use this device to access the data in an iPhone, they need to physically have possession of the iPhone. And third, it works by trying to guess the pass code using “brute force”. An iPhone with a random 10 alphanumeric pass code will probably take over 1M years for this device to guess it.  

https://www.password-depot.de/en/know-how/brute-force-attacks.htm

On the other hand, if a hacker can convince an iPhone owner to unknowingly download malware, by clicking on a link, the hacker can have access to the iPhone data without even being in the same country where the iPhone is or having to know the passcode.    

A hacker can easily send out millions of phishing e-mail, knowing that more than a few will click on the link that will download the malware. This device can only try to access the data on an iPhone the is plugged into it, one iPhone at a time. Do the math.

As long as the iPhone owners still have possession of their iPhone and they use a strong passcode, this device in not a security threat at all.  

You need to get your hearing check. You’re going deaf. 

First of all, this device probably cost in the 10’s of 1000’s of dollars and not that easily available. Second, in order for hackers to use this device to access the data in an iPhone, they need to physically have possession of the iPhone. And third, it works by trying to guess the pass code using “brute force”. An iPhone with a random 10 alphanumeric pass code will probably take over 1M years for this device to guess it.  

https://www.password-depot.de/en/know-how/brute-force-attacks.htm

On the other hand, if a hacker can convince an iPhone owner to unknowingly download malware, by clicking on a link, the hacker can have access to the iPhone data without even being in the same country where the iPhone is or having to know the passcode.    

A hacker can easily send out millions of phishing e-mail, knowing that more than a few will click on the link that will download the malware. This device can only try to access the data on an iPhone the is plugged into it, one iPhone at a time. Do the math.

As long as the iPhone owners still have possession of their iPhone and they use a strong passcode, this device in not a security threat at all.  

Does this hacking tool assume device owners turn the max attempts feature off?

I’ve always assumed that brute force hacking tools would run into the 10-try limit as well as the imposed delay between attempts, unless of course they found a way to bypass the logic that tracks the retry count.

Without a limit on the number of attempts and an escalating wait period between attempts, pretty much any passcode is hackable given enough time.

Mmmm??? 

davidw said:
Without the existence of other app stores, it sure sounds like the security model of the iPhone is already gravely threatened by this device.  

You need to get your hearing check. You’re going deaf. 

First of all, this device probably cost in the 10’s of 1000’s of dollars and not that easily available. Second, in order for hackers to use this device to access the data in an iPhone, they need to physically have possession of the iPhone. And third, it works by trying to guess the pass code using “brute force”. An iPhone with a random 10 alphanumeric pass code will probably take over 1M years for this device to guess it.  

https://www.password-depot.de/en/know-how/brute-force-attacks.htm

On the other hand, if a hacker can convince an iPhone owner to unknowingly download malware, by clicking on a link, the hacker can have access to the iPhone data without even being in the same country where the iPhone is or having to know the passcode.    

A hacker can easily send out millions of phishing e-mail, knowing that more than a few will click on the link that will download the malware. This device can only try to access the data on an iPhone the is plugged into it, one iPhone at a time. Do the math.

As long as the iPhone owners still have possession of their iPhone and they use a strong passcode, this device in not a security threat at all.  

FWIW I get far more fishing expeditions targeting my iPhone and AppleID than I do for my Pixels. Heck, I get phone calls on my Android phone purportedly from Apple security teams telling me my Apple account has been hacked and they’re here to help. LOL

 Another fun fact: In over 11 years of using Android devices for hours a day I’ve encountered exactly the same number of malware events as I have on my Apple gear. ZERO.

FWIW I get far more fishing expeditions targeting my iPhone and AppleID than I do for my Pixels. Heck, I get phone calls on my Android phone purportedly from Apple security teams telling me my Apple account has been hacked and they’re here to help. LOL

 Another fun fact: In over 11 years of using Android devices for hours a day I’ve encountered exactly the same number of malware events as I have on my Apple gear. ZERO.
Apple's 79-pound iPhone Self Repair Program toolkit is on our test bench. Here's what's inside the hefty repair package.
Any iPhone or Apple lover will appreciate Grid Studio's nostalgic art pieces that are made of vintage devices such as the original iPhone or Apple Watch.
The "iPhone 14" lineup is expected to be incredibly similar to the iPhone 13 with minor changes like camera performance and a new larger "max" model. Here's what the rumor mill suggests the phones will look like.

Apple offers users a choice of a 13-inch MacBook Pro and a 13-inch MacBook Air for the entry-level model in its notebook line, but is there much difference between the two lines for the everyday user? Here's what it means to those new to Mac to go Air or Pro at the value end of the range.
Samsung's Smart Monitor M8 adds cloud and smart TV features to what could be taken for an Apple-like display, but is it a good alternative to Apple's consumer-aimed screen, the Studio Display?
Porsche Design's AOC AGON Pro PD32M is in the same general price bracket as the Apple Studio Display, but each monitor offers varying benefits to well-heeled users wanting a premium experience.
If you have $2,000 burning a hole in your pocket and want a Mac, getting a 14-inch MacBook Pro or a Mac Studio is a great idea. Here's how the identically-priced workstations compare to each other.
Whether you're an avid crafter or starting your own small business and want to handle the merchandising yourself, Cricut machines can help create some truly impressive projects. Here's how each model compares to the next, and which one you should check out.
Apple's self-made modem is a massive challenge, but with big rewards at stake
Intelli StepUp Charging Station review: Retractable charging gimmick spoils a good charger
Chip shortages expected until 2024 says Intel CEO
Top last-minute Mother's Day gift ideas for tech-savvy moms
Bullstrap MagSafe wallet review: Same as Apple's but with better leather
UK plans regulations affecting Apple TV+, other streaming services
Apple's Self Repair Program toolkit – Hands on with what's inside
Daily deals April 30: iPads from $100, $18 Logitech Gaming Mouse, $479 Vizio 58-inch AirPlay 2 Smart TV, more
Apple's 79-pound iPhone Self Repair Program toolkit is on our test bench. Here's what's inside the hefty repair package.
Any iPhone or Apple lover will appreciate Grid Studio's nostalgic art pieces that are made of vintage devices such as the original iPhone or Apple Watch.
The "iPhone 14" lineup is expected to be incredibly similar to the iPhone 13 with minor changes like camera performance and a new larger "max" model. Here's what the rumor mill suggests the phones will look like.
Apple's 79-pound iPhone Self Repair Program toolkit is on our test bench. Here's what's inside the hefty repair package.
The "iPhone 14" lineup is expected to be incredibly similar to the iPhone 13 with minor changes like camera performance and a new larger "max" model. Here's what the rumor mill suggests the phones will look like.
Apple claims that it has made significant improvements to the webcam included on the Studio Display thanks to a forthcoming update. We put the beta update to the test to see whether it notably improves Apple's much-criticized webcam.
Samsung is adding one new SSD to its T7 line. Joining the standard T7 and the T7 Touch is the all-new Samsung T7 Shield which boasts expanded durability and resistance compared to its siblings.
Fetching $1299, Apple's 13-inch entry-level MacBook Pro is in an interesting spot in Apple's portable Mac lineup. We evaluate whether or not the base model is still worth it or if users have a better choice out there.
The Intelli StepUp Charging Station attempts to stand out from the multitude of 3-in-1 chargers with awkward pop-out charging pads.
Bullstrap has made a name for itself with quality leather goods. Its recent MagSafe wallet looks and feels incredible, but offers no innovation beyond recreating Apple's original design.
Any iPhone or Apple lover will appreciate Grid Studio's nostalgic art pieces that are made of vintage devices such as the original iPhone or Apple Watch.
The CalDigit Tuff Nano Plus is a speedy SSD with an impressive 2TB capacity designed for on-the-go iPad and Mac workflows.
Satechi's Magnetic Wireless Car Charger is a great piece of kit to add to your ride and is a perfect iPhone companion when paired with wireless CarPlay.
AppleInsider is one of the few truly independent online publications left. If you love what we do, please consider a small donation to help us keep the lights on.
If you love AppleInsider and want to support independent publications, please consider a small donation.
{{ title }}

source

Ads
Previous articleDeals: Shop the Latest Deals on Apple TV 4K, AirPods Pro, and 16-Inch MacBook Pro – MacRumors
Next articleNetflix will start charging some users a fee for sharing their passwords – NBC News