Tech

iOS might have a backdoor that could be exploited to hack any iPhone

Ever since the case of the San Bernadino shooter pitted Apple against the FBI over the unlocking of an iPhone, opinions have been split on providing backdoor access to the iPhone for law enforcement.  Apple had been resisting a court order issued requiring the firm to write new software to allow officials to access Syed Rizwan Farook’s phone. But officials on Monday said that it had been accessed independently and asked for the order to be withdrawn.Some felt that Apple was aiding and abetting a felony by refusing to create a special version of iOS with a backdoor for accessing the phone’s data. Others believed that it’s impossible to give backdoor access to law enforcement without threatening the security of law-abiding citizens.

In an interesting twist, the battle ended with the FBI dropping the case after finding a third party who could help. At the time, it was theorized that the third party was Cellebrite. Since then it has become known that Cellebrite— an Israeli company—does provide iPhone unlocking services to law enforcement agencies.

In late 2017, word of a new iPhone unlocker device started to circulate: a device called GrayKey, made by a company named Grayshift. Based in Atlanta, Georgia, Grayshift was founded in 2016, and is a privately-held company with fewer than 50 employees. Little was known publicly about this device—or even whether it was a device or a service—until recently, as the GrayKey website is protected by a portal that screens for law enforcement affiliation.

The device in the following image looks like an Apple TV, but it is, in fact, a gadget that can decrypt iPhones. It’s called GrayKey, first detailed in a blog post on Malwarebytes, and features two Lightning cables.

Image Source: Malwarebytes

According to Forbes, the GrayKey iPhone unlocker device is marketed for in-house use at law enforcement offices or labs. This is drastically different from Cellebrite’s overall business model, in that it puts complete control of the process in the hands of law enforcement.