The GrayKey Can Unlock an iPhone in Minutes

Danielle from Leaf and Core

7 years ago

Reading Time: 3 minutes.

If you’ve been following the encryption debate closely, you’ve likely head about the GrayKey. It’s a device made to crack iPhone security. It takes advantage of an unknown exploit in iOS that allows it to make many “guesses” without resetting the device. As such, it can do tens of thousands of guesses a day. It’s fast too. If you have a 4 digit passcode, your iPhone can be hacked in under 15 minutes.

If you haven’t already, go ahead and increase the number of digits in your iPhone passcode.

Passcodes Hacked in Minutes

Anyone can buy a GrayKey, though they’re expensive. They start at $15,000 for a version that is limited to 300 unlocks and requires internet connectivity. For double that, you get a device with an unlimited number of unlocks and no requirement for internet access. That might sound a bit too expensive, but for a police department or the FBI, it’s a cost worth incurring. It’s been reported that the FBI paid nearly a million dollars to unlock a single smartphone (which reportedly contained no useful information). Compared to $900,000, $15,000 is nothing. For anyone stealing phones and reselling them, if they can sell them for more than $50/device—an easy ask—they can easily turn a profit. GrayKey is making phone theft profitable and helping anyone unlock iPhones.

Who Has the GrayKey?

So who has a GrayKey? Phone thieves may be able to get their hands on it, but GrayShift, makers of the GrayKey, tries to limit sales to law enforcement. Of course, this will never work in the long run. If Apple can’t close this exploit soon, everyone will be able to hack into iOS devices with little effort. Right now, the FBI definitely has a few on hand, as do other governmental agencies. Likely, these are already in the hands of foreign governments as well, though likely not in the same numbers. Local police stations are getting them as well. Undoubtedly, criminals are getting them too.

Enough people have the GrayKey that you should be seriously concerned about it.

What Can Apple Do?

Apple will have to figure out how the GrayKey bypasses their limitations. GrayShift has an ex-Apple security engineer on its staff, who likely was key in helping them break Apple’s security. Usually, you can’t guess more than a few passwords without locking the phone down for a few minutes. A few more incorrect guesses, and it’ll lock down completely. Depending on your settings, the device may even wipe itself.

However, thanks to this bug, the iPhone can be ran through millions of incorrect guesses. No iOS device should ever be capable of that. In the past, hardware hacks involving cutting power have worked, but Apple patched those exploits using a software update.

Apple may have difficulty getting their hands on the GrayKey, but now that it’s on sale, it shouldn’t be too hard for them to get one. It’s impossible to stop the spread of secrets like this. Eventually, Apple will get a GrayKey or reverse engineer it. From there, they’ll be able to close this security hole, locking out everyone who bought a GrayKey. They’ll have $30,000 paperweights.

What Can You Do?

Guide to iOS estimated passcode cracking times (assumes random decimal passcode + an exploit that breaks SEP throttling):

4 digits: ~13min worst (~6.5avg)
6 digits: ~22.2hrs worst (~11.1avg)
8 digits: ~92.5days worst (~46avg)
10 digits: ~9259days worst (~4629avg)

— Matthew Green (@matthew_d_green) April 16, 2018

A 4 digit passcode can be hacked in minutes. However, a 10 digit passcode would take up to 25 years. By then, your phone would be worthless to thieves, and likely to law enforcement too. A passcode longer than 10 digits would likely last a lifetime. Therefore, you should come up with a randomly generated passcode, not something based on birthdays or anniversaries, and use that. Make sure it’s at least 10 characters long (look here if you want it to be just numbers). An alphanumeric passcode is great, but numbers are easier to enter. If you’re only using numbers though, make sure it’s 10+ digits long. The longer your passcode, the safer your device is. Even the GrayKey can’t get past a long passcode.

We’re going to be stuck with this for some time. Apple likely won’t have a fix for a few months. However, if you make yourself secure now with a long passcode, it’ll save you in the future, in case a hack like this comes around again. And it will. Hackers are clever. But if you use a long passcode, you’ll be safe, for now. The FBI is still trying to violate Apple’s rights and global security to create an easily exploitable backdoor through all digital security.

Sources: