Tuesday, March 27, 2018
GrayKey iPhone Unlocker Poses Serious Security Concerns
Ever since the case of the San Bernadino shooter pitted Apple against the FBI over the unlocking of an iPhone, opinions have been split on providing backdoor access to the iPhone for law enforcement. Some felt that Apple was aiding and abetting a felony by refusing to create a special version of iOS with a backdoor for accessing the phone’s data. Others believed that it’s impossible to give backdoor access to law enforcement without threatening the security of law-abiding citizens.
In an interesting twist, the battle ended with the FBI dropping the case after finding a third party who could help. At the time, it was theorized that the third party was Cellebrite. Since then it has become known that Cellebrite - an Israeli company - does provide iPhone unlocking services to law enforcement agencies.
Cellebrite, through means currently unknown, provides these services at $5,000 per device, and for the most part this involves sending the phones to a Cellebrite facility.
In late 2017, word of a new iPhone unlocker device started to circulate: a device called GrayKey, made by a company named Grayshift. Based in Atlanta, Georgia...
How it works
GrayKey is a gray box, four inches wide by four inches deep by two inches tall, with two lightning cables sticking out of the front.
Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked. Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, but it can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned.
After the device is unlocked, the full contents of the file system are downloaded to the GrayKey device. From there, they can be accessed through a web-based interface on a connected computer, and downloaded for analysis. The full, unencrypted contents of the keychain are also available for download.
You can read the complete Malwarebytes article here.
A March 5, 2018 article in Forbes: "Mysterious $15,000 'GrayKey' Promises To Unlock iPhone X For The Feds" discusses GrayKey as well.
-----
Like the better-known Cellebrite unlocking tools, GrayKey probably uses one or more zero-day flaws in iOS to brute-force unlock the handsets.
Because this is a brute-force attack against your iPhone's passcode, a longer code will offer more protection. I recommend using a "a custom alphanumeric code" (a combination of letters, numbers, and symbols) to secure your iPhone. Apple Support shows how to set-up a passcode on your iPhone here.
Access to your iPhone doesn't necessarily mean access to all data on the device. Encrypted applications, such as Standard Notes, protected with a different password than the one used to access your iPhone can help protect your private information.
In other posts I have discussed and recommended Wickr, a secure communications app. One of the features included in Wickr is a secure shredder that wipes the slack / freespace on your phone when Wickr is running. According to an e-mail I received from Wickr Support, secure shredder runs while Wickr is open, and while the app is in the background. The shredding will stop if the app is forced closed or when the process has ended. Having Wickr on your iPhone and opening the app for a few minutes each day might be of value for some people - even if you are not using it for secure communication. Wickr is planning to bring back the manual secure shredder option (it was changed to the current automatic mode in a recent update) in 2018.
For many people, our phones store a tremendous amount of personal and private data. Messages to and from friends and family, personal photos, private contacts, passwords and access to other accounts, private e-mail, and much more. There must be a way to keep that data secure.
Now some will say that products like GrayKey and Cellebrite are only used by law enforcement, and since they must have physical access to your iPhone to use their devices you have nothing to worry about unless you are arrested. Well, perhaps, but not everyone who is arrested is guilty of a crime; and once all of your personal and private is pulled into a government investigative record it is there forever.
According to security expert Bruce Schneier: "Little is known about Grayshift or its sales model at this point. We don't know whether sales are limited to US law enforcement, or if it is also selling in other parts of the world. Regardless of that, it's highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime, whether directly from Grayshift or indirectly through the black market. It's also entirely possible, based on the history of the IP-Box, that Grayshift devices will end up being available to anyone who wants them and can find a way to purchase them, perhaps by being reverse-engineered and reproduced by an enterprising hacker, then sold for a couple hundred bucks on eBay."
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.