GrayKey iPhone unlocker poses serious security concerns...

[Teddy Rogers]

GrayKey iPhone unlocker poses serious security concerns

Quote

Ever since the case of the San Bernadino shooter pitted Apple against the FBI over the unlocking of an iPhone, opinions have been split on providing backdoor access to the iPhone for law enforcement. Some felt that Apple was aiding and abetting a felony by refusing to create a special version of iOS with a backdoor for accessing the phone’s data. Others believed that it’s impossible to give backdoor access to law enforcement without threatening the security of law-abiding citizens.

In an interesting twist, the battle ended with the FBI dropping the case after finding a third party who could help. At the time, it was theorized that the third party was Cellebrite. Since then it has become known that Cellebrite— an Israeli company—does provide iPhone unlocking services to law enforcement agencies.

Cellebrite, through means currently unknown, provides these services at $5,000 per device, and for the most part this involves sending the phones to a Cellebrite facility. (Recently, Cellebrite has begun providing in-house unlocking services, but those services are protected heavily by non-disclosure agreements, so little is known about them.) It is theorized, and highly likely, that Cellebrite knows of one or more iOS vulnerabilities that allow them to access the devices.

In late 2017, word of a new iPhone unlocker device started to circulate: a device called GrayKey, made by a company named Grayshift. Based in Atlanta, Georgia, Grayshift was founded in 2016, and is a privately-held company with fewer than 50 employees. Little was known publicly about this device—or even whether it was a device or a service—until recently, as the GrayKey website is protected by a portal that screens for law enforcement affiliation.

According to Forbes, the GrayKey iPhone unlocker device is marketed for in-house use at law enforcement offices or labs. This is drastically different from Cellebrite’s overall business model, in that it puts complete control of the process in the hands of law enforcement.

Thanks to an anonymous source, we now know what this mysterious device looks like, and how it works. And while the technology is a good thing for law enforcement, it presents some significant security risks.

https://blog.malwarebytes.com/security-world/2018/03/graykey-iphone-unlocker-poses-serious-security-concerns/

Ted.

[Nemo]

Well apparently it jailbreaks devices which could potentially lead to data corruption.. Either way who uses apple stuff anyway.. lol