x404.co.uk :: View topic - 'GrayKey' iPhone Unlocking Box Used by Law Enforcement Shown

x404.co.uk http://x404.co.uk/forum/

'GrayKey' iPhone Unlocking Box Used by Law Enforcement Shown http://x404.co.uk/forum/viewtopic.php?f=19&t=26458	Page 1 of 1

Author:

paulzolo [ Fri Mar 16, 2018 9:57 am ]

Post subject:

'GrayKey' iPhone Unlocking Box Used by Law Enforcement Shown


	Quote: Last week, news of a previously-unknown iPhone unlocking device called GrayKey surfaced, and today, MalwareBytes shared photos and additional information about the product, which is designed for law enforcement officials. Created by a company named Grayshift, GrayKey is a small, portable gray box equipped with dual Lightning cables.

https://www.macrumors.com/2018/03/15/gr ... cking-box/

Author:	big_D [ Fri Mar 16, 2018 10:52 am ]
Post subject:	Re: 'GrayKey' iPhone Unlocking Box Used by Law Enforcement S
Hardly a surprise, there have been similar devices in the past for ripping data from connected phones. What is surprising is that the phone still allows the software to be installed. That would indicate that either the phone isn't checking for a valid Apple signing key or that Grayshift have "stolen" Apple's signing key. given that the private key is always a closely guarded secret, Apple wouldn't give it out, so the only way to get hold of it would be to steal it or they have found some way to crack such keys, which would also be disastrous for the whole IT industry - it is built on the reputation of such keys, without it, the whole industry would be set back a couple of decades, in terms of software distribution and connecting to the Internet - it certainly wouldn't be secure to connect a computer or smartphone to the Internet, if the keys are broken; it would be the equivalent of parking your car in the middle of the street, leaving the doors open, the keys in the ignition and the motor running...

Author:

paulzolo [ Fri Mar 16, 2018 11:30 am ]

Post subject:

Re: 'GrayKey' iPhone Unlocking Box Used by Law Enforcement S


	big_D wrote: Hardly a surprise, there have been similar devices in the past for ripping data from connected phones. What is surprising is that the phone still allows the software to be installed. That would indicate that either the phone isn't checking for a valid Apple signing key or that Grayshift have "stolen*" Apple's signing key.

That was the eyebrow raiser here too. I would have expected the phone not to respond to software install attempts. The article does say that it could be using some kind of jailbreaking - maybe it can force that somehow.

From the article:


	Quote: How the GrayKey works is not known, but it's believed to be using some sort of jailbreaking process that could damage iPhones in some way.

I expect that Apple will either have one, or be trying to acquire one.

Page 1 of 1	All times are UTC
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/