iPhone unlockers set a dangerous precedent for abuse, says security expert

26 Mar 2018

Despite Apple’s refusals to provide iPhone unlocking privileges to law enforcement officials like the FBI, it seems there is always a way to circumvent the process.

Security researchers at Malwarebytes Labs have uncovered a third-party provider that can unlock iPhones, despite Apple’s own processes to stop it.

That may be a win for the FBI. The feud between the agency and Apple has been brewing since 2015, when the FBI ordered Apple to help unlock an iPhone after a shooting in the United States.

The FBI hired an Israel-based digital forensics firm by the name of Cellebrite to help unlock the device.

According to the company’s website, “Cellebrite provides law enforcement, military and intelligence, and enterprise customers with the most complete, industry-proven range of solutions that encompass digital forensics, triage, and analytics.”

But Malwarebytes researchers believe Cellebrite is not the only company offering iPhone unlocking services.

A US-based firm called Grayshift reportedly manufactures iPhone unlocker devices called GrayKey. Until recently, little was known about how the devices work and what they do.

Malwarebytes researcher Thomas Reed posted details about how the device works – essentially, it is a box to which up to two iPhones can be connected.

“An iPhone typically contains all manner of sensitive information: account credentials, names and phone numbers, email messages, text messages, banking account information, even credit card numbers or social security numbers. All of this information, even the most seemingly innocuous, has value on the black market, and can be used to steal your identity, access your online accounts, and steal your money,” Reed says.

The phones connect to GrayKey for approximately two minutes. They are then disconnected, and approximately two hours later each phone displays a screen with the passcode and other information.

“It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, according to Grayshift,” Reed explains.

But those who want to unlock phones need to pay more than US$15,000 (AU$19,460) to purchase an offline device and more than US$30,000 (AU$38,920) for an online device.

Reed believes that because the device exists and apparently works, it will be a ‘boon’ for law enforcement. It could also be easily stolen and would be worth a high price on the black market, potentially giving thieves the chance to unlock the phones, harvest data and resell them.

He also says it’s unclear what GrayKey does to the device during the jailbreaking process.

“A jailbreak involves using a vulnerability to unlock a phone, giving access to the system that is not normally allowed. What happens to the device once it is released back to its owner? Is it still jailbroken in a non-obvious way? Is it open to remote access that would not normally be possible? Will it be damaged to the point that it really can’t be used as intended anymore, and will need to be replaced? It’s unknown, but any of these are possibilities,” Reed asks.

He also says that little is known about what security is present on the GrayKey device, and whether data transfer is encrypted.

Reed believes that there is potential for innocent people’s devices to be seized and searched with or without consent. Security of that data is not just a threat to the user, but also a liability for the authorities, he claims.

He also admits that there is little information about Grayshift and its sales models. With so much uncertainty, he issues a warning:

“It’s highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime, whether directly from Grayshift or indirectly through the black market,” Reed concludes.
