Government intelligence agencies and police forces have been briefed on a new tool known as ‘GrayKey’, which promises to unlock iPhones running iOS 10 and 11.
The tool is brought to you by a low-key start-up called Grayshift, about which little is known, but Forbes believes the group is run by ex-US intelligence agency contractors and an ex-Apple security engineer. It’s only in the last couple of weeks that Grayshift has been touting its services, and even gaining access to the website is strictly controlled; however, Forbes has a friendly contact who granted it access. And it is as interesting as it is worrying.
How the tool actually works is unknown for the moment, and the vulnerability is likely to stay hidden. Considering the ease with which governments around the world seem to sweep aside the data privacy rights of citizens, Grayshift could have quite a captive market. Governments have shown they are incapable of cracking encryption techniques or bending the will of the technology giants, so companies like Grayshift will certainly be of interest.
The tool itself, GrayKey, is available for $15,000, which permits 300 unlocks for the purchaser, but for $30,000 those nosey spooks can use the offline product. The more expensive version comes with unlimited use, which will sound like a bargain for Prime Minister Theresa May and Home Secretary Amber Rudd, both of whom have tried their darnedest impression of Big Brother (Rudd attacks data encryption and May’s Snoopers’ Charter). The ads claim the tool can unlock the latest versions of the iPhone software, iOS 10 and 11, though an update has been promised to tackle iOS 9 before too long. A demo has also claimed to have cracked the iPhone X.
While details of how the tool works remain unknown, it is assumed ‘brute forcing’ is the favoured technique. Cracking the encryption software doesn’t seem to be a viable option (which is one of the few positive notes of this story), as the tool appears to make repeated guesses at passcodes.
The appearance of companies like Grayshift, and of Cellebrite, which offers similar services from Israel, is a thorn in the side of an industry which needs to ensure data privacy is top of the agenda. For the digital economy to flourish, there needs to be trust in it. Unfortunately, with companies exploiting vulnerabilities and refusing to report them, or governments trying to force others to programme backdoors into encryption techniques, that trust will be undermined. There will always be a worry about insecurities in the matrix, and therefore always a hindrance to complete acceptance and adoption of the connected world.
While there are circumstances where privacy will have to be sacrificed for the greater good of society, these instances should be considered incredibly rare. This does not seem to be the approach of governments around the world, who seem quite whimsical in their approach to personal rights. What baffles us is the way in which hacking is becoming legal. Instead of condemning and tackling the problem of vulnerabilities in our lives, governments seem to be encouraging them.
The last 18 months have seen governments act immaturely. The readiness to undermine the digital economy seems far too accessible.