iPhone unlockers set a dangerous precedent for abuse, says security expert

26 Mar 18

Despite Apple’s refusals to provide iPhone unlocking privileges to law enforcement agencies like the FBI, it seems there is always a way to circumvent the process.

Security researchers at Malwarebytes Labs have uncovered a third-party provider that can unlock iPhones, despite Apple’s own processes to stop it.

That may be a win for the FBI. The feud between the agency and Apple has been brewing since 2015, when the FBI ordered Apple to help unlock an iPhone after a shooting in the United States.

The FBI hired an Israel-based digital forensics firm by the name of Cellebrite to help unlock the device.

According to the company’s website, “Cellebrite provides law enforcement, military and intelligence, and enterprise customers with the most complete, industry-proven range of solutions that encompass digital forensics, triage, and analytics.”

But Malwarebytes researchers believe Cellebrite is not the only company offering iPhone unlocking services.

A US-based firm called Grayshift reportedly manufactures iPhone unlocker devices called GrayKey. Until recently, little was known about how the devices work and what they do.

Malwarebytes researcher Thomas Reed posted details about how the device works – essentially it is a box that can connect up to two iPhones.

“An iPhone typically contains all manner of sensitive information: account credentials, names and phone numbers, email messages, text messages, banking account information, even credit card numbers or social security numbers. All of this information, even the most seemingly innocuous, has value on the black market, and can be used to steal your identity, access your online accounts, and steal your money,” Reed says.

The phones connect to GrayKey for approximately two minutes. They are then disconnected, and approximately two hours later the phone displays a screen with the passcode and other information.

“It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, according to Grayshift,” Reed explains.

But those who want to unlock phones need to pay more than US$15,000 (AU$19,460) to purchase an offline device and more than US$30,000 (AU$38,920) for an online device.

Reed believes that because the device exists and apparently works, it will be a ‘boon’ for law enforcement. It could also be easily stolen and would be worth a high price on the black market, potentially giving thieves the chance to unlock the phones, harvest data and resell them.

He also says it’s unclear what GrayKey does to the device during the jailbreaking process.

“A jailbreak involves using a vulnerability to unlock a phone, giving access to the system that is not normally allowed. What happens to the device once it is released back to its owner? Is it still jailbroken in a non-obvious way? Is it open to remote access that would not normally be possible? Will it be damaged to the point that it really can’t be used as intended anymore, and will need to be replaced? It’s unknown, but any of these are possibilities,” Reed asks.

He also says that little is known about what security is present on the GrayKey device, and if data transfer is encrypted.

Reed believes that there is potential for innocent people’s devices to be seized and searched with or without consent. Security of that data is not just a threat to the user, but also a liability for the authorities, he claims.

He also admits that there is little information about Grayshift and its sales models. With so much uncertainty, he issues a warning:

“It’s highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime, whether directly from Grayshift or indirectly through the black market,” Reed concludes.
