Apple has made a lot of advertising about its focus on data security and user privacy. Encryption ensures data security as long as you protect your devices with a password, PIN, fingerprint, or facial identification. No one should be able to access the contents of your iPhone without having access to your password and that’s why the FBI tried to force Apple in early 2016 to give it access to an iPhone belonging to the San Bernardino aggressor.
Finally, the FBI quit because it found that it could use the services of a third party to access a password-protected iPhone. In other words, someone found a backdoor in Apple’s software and managed to use it to access the contents of the encrypted iPhone. Coming back in 2018 – there seems to be another similar backdoor and any iPhone encrypted including an iPhone X can be unlocked, informs bgr.com.
The device in the next image looks like an Apple TV, but it’s actually a gadget that can decrypt the iPhone. It’s called GrayKey, first detailed in a post on the Malwarebytes blog, and has two Lightning cables.
Two phones can be connected simultaneously for about two minutes. After disconnection, the burst process starts. Everything happens on the phone. A specific software is loaded into your phone via the GrayKey device. The software will identify your password. After a while, the iPhone will display a black screen containing the password required to unlock the phone.
The company that produces these boxes is called Grayshift and claims that “disabled” phones can be unlocked.
After getting your password, the full content of your phone is downloaded to your GrayKey device.
The next image shows that no iPhone is safe. An iPhone X running iOS 11.2.5 was broken using the same hardware.
Malwarebytes explains that GrayKey comes in two versions, a $ 15,000 version that requires an internet connection and is locked in a single location (geofenced) and a $ 30,000 model allows it to be used without an internet connection and you can move your device anywhere you want.
Grayshift was set up in 2016 and sells to law enforcement agencies. If this report is correct and the gadget can break the latest version of iOS, it does not even matter. It only matters that someone has found a way to bypass Apple’s encryption, a backdoor that can be exploited, and Apple has not been nearly two years to produce a patch.
As long as only law enforcement agencies use these devices, you do not have to worry too much. But if it is obtained by malicious people, GrayKey can be used to spy on people. And you can imagine how happy the totalitarian regimes are that they can spy on encrypted iPhone. Again, the device could help iPhone thieves reset the stolen iPhone which are password-locked and then sell them.
It goes without saying that Apple is very unlikely to build this backdoor in iOS. And if it had happened, we would never know that there was such an official backdoor. This is the purpose of a backdoor – to be secret. But the fact that someone not connected with Apple has been able to discover this vulnerability once again proves why such vulnerabilities should not be built into encrypted devices. Eventually, someone will find them.