Apple has made securing its devices one of the most important bullet point features for its products, which means there is a concerted effort on the other side of the coin to crack those devices.
Now, as first reported today by Forbes , Grayshift –a firm based out of the United States– has begun marketing its own ability to crack encrypted iPhones running iOS 11. The key difference here is that Grayshift is charging quite a bit of money for a couple different options for potential clients. The first option is 300 attempts to bypass a secured iPhones for $15,000.
If a client wants Grayshift to try to access a secured iPhone an “unlimited” number of times, then they will need to fork over $30,000 for that.
“In recent weeks, its marketing materials have been disseminated around private online police and forensics groups, offering a $15,000 iPhone unlock tool named GrayKey, which permits 300 uses. That’s for the online mode that requires constant connectivity at the customer end, whilst an offline version costs $30,000. The latter comes with unlimited uses.”
Grayshift’s tool, which they call GrayKey, is being kept under wraps, as far as details are concerned. The marketing material for the new bypassing tool is also being vague when it comes to which version of iOS 11 it is able to access. Grayshift isn’t telling anyone, either. So it is possible that GrayKey is only able to bypass iOS 11, or even iOS 11.1:
“The marketing doesn’t reveal just what iOS vulnerabilities GrayKey exploits to unlock iPhones. It claims GrayKey works on disabled iPhones and can extract the full file system from the Apple device, and indicates the tool would make repeated guesses at passcodes, a technique known as brute forcing, to first get into the device.”
As noted above, the tactic of brute force is the best guess as to how Grayshift’s method works. iOS itself is built to withstand attacks like that, including the simple method of extending the time between each passcode attempt, and allowing for the device to completely erase the data on the phone after 10 failed attempts to enter a passcode.
As is par for the course, these types of security concerns shouldn’t really concern the general iPhone user. In this particular case, though, that is doubly true, as the method is so expensive that it probably won’t be used on just one single random iPhone out there. Plus, direct contact with the iPhone is also a requirement for the process to work.
This is similar to Cellebrite’s recent claims , which also touted its ability to bypass iPhones running iOS 11. Just like in that case, though, the details are unknown, and it’s possible an up-to-date iOS device isn’t in any danger of being cracked by the tool.
Defeating Apple’s security measures has become quite the lucrative business option, and it’s not surprising we’re seeing these firms market their own tools to access secured Apple hardware. Still, charging upwards of $30,000 is pretty steep!
[via Forbes ]