The mysterious piece of hardware GrayKey might give a sense of happiness to cops because they can get inside most of the iPhone models currently active, including the iPhone X.
The $30,000 device is known to crack a 4-digit iPhone passcode in a matter of a few hours, and a six-digit passcode in 3 days, or possibly 11 hours in ideal scenarios. That’s why security experts suggest that iOS users should keep an alphanumeric passcode instead of an all-number passcode.
Whether this iPhone hacking black box is capable or not, a recent series of events puts a question on the security of GrayKey itself.
Some unknown hackers managed to get hold of the device’s code as a GrayKey unit was exposed for some time earlier this month. Last week, they leaked small chunk of the code that “does not appear to be particularly sensitive.”
It’s assumed that the leaked code powers GrayKey’s user interface where messages are displayed. GrayShift confirmed the data breach and said in a statement to Motherboard that it occurred due to a “network misconfiguration at a customer site.”
GrayShift further said that no IP or data was exposed and they have made the necessary changes to prevent unauthorized access to their iPhone cracking devices.
In a message sent by the hackers to GrayShift’s co-founder, they tried to extort money by demanding a donation of 2 BTC (roughly $18,000) for not leaking the remaining source code. However, it’s believed that they don’t have more code to leak. Also, no transactions have been made to the Bitcoin addresses provided.
It’s not the only incident. Motherboard, through the search engine Shodan, found another seemingly exposed GrayKey device leaking code to the public internet.
Ethical Hacking Workshop | Stay Safe & Secure