SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
iPhone unlockers set a dangerous precedent for abuse, says security expert
Mon, 26th Mar 2018
FYI, this story is more than a year old

Despite Apple's refusals to provide iPhone unlocking privileges to law enforcement officials like the FBI, it seems there is always one way to circumvent the process.

Security researchers at Malwarebytes Labs have uncovered a third party provider that can unlock iPhones, even despite Apple's own processes to stop it.

That may be a win for the FBI. The feud between the agency and Apple has been brewing since 2015, when the FBI ordered Apple to help unlock an iPhone after a shooting in the United States.

The FBI hired an Israel-based digital forensics firm by the name of Cellebrite to help unlock the device.

According to the company's website, “Cellebrite provides law enforcement, military and intelligence, and enterprise customers with the most complete, industry-proven range of solutions that encompass digital forensics, triage, and analytics.

But Malwarebytes researchers believe Cellebrite is not the only company offering iPhone unlocking services.

A US-based firm called Grayshift reportedly manufactures iPhone unlocker devices called GrayKey. Until recently, little was known about how the devices work and what they do.

Malwarebytes researcher Thomas Reed posted details about how the device works – essentially it is a box that can connect up to two iPhones.

“An iPhone typically contains all manner of sensitive information: account credentials, names and phone numbers, email messages, text messages, banking account information, even credit card numbers or social security numbers. All of this information, even the most seemingly innocuous, has value on the black market, and can be used to steal your identity, access your online accounts, and steal your money,” Reed says.

The phones connect to GrayKey for approximately two minutes. The phones are then disconnected and then approximately two hours later, the phone will display a screen with the passcode and other information.

“It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, according to Grayshift,” Reed explains.

But those who want to unlock phones need to pay more than US$15,000 (AU$19,460) to purchase an offline device and more than US$30,000 (AU$38,920) for an online device.

Reed believes that because the device exists and apparently works, it will be a ‘boon' for law enforcement. It could also be easily stolen and would be worth a high price on the black market, potentially giving thieves the chance to unlock the phones, harvest data and resell them.

He also says it's unclear what GrayKey does to the device during the jailbreaking process.

 “A jailbreak involves using a vulnerability to unlock a phone, giving access to the system that is not normally allowed. What happens to the device once it is released back to its owner? Is it still jailbroken in a non-obvious way? Is it open to remote access that would not normally be possible? Will it be damaged to the point that it really can't be used as intended anymore, and will need to be replaced? It's unknown, but any of these are possibilities,” Reed asks.

He also says that little is known about what security is present on the GrayKey device, and if data transfer is encrypted.

Reed believes that there is potential for innocent people's devices to be seized and searched with or without consent. Security of that data is not just a threat to the user, but also a liability for the authorities, he claims.

He also admits that there is little information about Grayshift and its sales models. With so much uncertainty, he issues a warning:

“It's highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime, whether directly from Grayshift or indirectly through the black market,” Reed concludes.