Based on an earlier report by Malwarebytes, GrayKey is a small box that can unlock two iPhones at a time. (See the two connectors in the image of the device below?) It was developed by Atlanta company Grayshift, which is run by long-time US intelligence agency contractors and a former Apple security engineer, according to Forbes. To use GrayKey, all cops need to do is connect a phone to it for two minutes. They simply have to wait a bit after it’s unplugged to see a black screen pop up with the passcode — how long they’d have to wait depends on how complex the passcode/passphrase is.
[Image credit: Malwarebytes]
But more than being easy to use, it’s incredibly affordable for what it can do. If you’ll recall, the feds paid Israeli company Cellebrite $900,000 to crack open the San Bernardino shooter’s iPhone after Apple repeatedly refused to do it for them. Currently, Cellebrite unlocks phones for at least $5,000 each, but even that amount is comparably enormous to how much cops have to spend for every GrayKey unlock.
There are two GrayKey variants available: one will set government agencies back $15,000, while the other will cost them $30,000. They can use the more expensive of the two to unlock as many iPhones as they want. The cheaper version has a limit of 300 devices, but even that isn’t so bad when you do the math — that’s only $50 per device.
FBI chief Christopher Wray called encryption a “major public safety issue” when he revealed that the bureau couldn’t get to the evidence stored in 7,775 devices it failed to access the previous year. It’s unclear whether they already ran the iPhones in that pile through a GrayKey, but (short of telling tech giants to add a backdoor to their devices) he urged companies to work with the government in creating a way to access phones owned by suspects.
So, why are authorities still calling for a backdoor when devices like GrayKey already exist? As Motherboard points out, phone-cracking devices exploit security holes, which Apple, Google and other phonemakers can patch up anytime. A backdoor would ensure they can access data whatever the device is and even if it’s running the latest mobile OS.