GreyKey iPhone Unlocker

Some details about the iPhone unlocker from the US company Grayshift, with photos.

Little is known about Grayshift or its sales model at this point. We don't know whether sales are limited to US law enforcement, or if it is also selling in other parts of the world. Regardless of that, it's highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime, whether directly from Grayshift or indirectly through the black market.

It's also entirely possible, based on the history of the IP-Box, that Grayshift devices will end up being available to anyone who wants them and can find a way to purchase them, perhaps by being reverse-engineered and reproduced by an enterprising hacker, then sold for a couple hundred bucks on eBay.

Forbes originally wrote about this, and I blogged that article.

Posted on March 23, 2018 at 6:28 AM • 19 Comments

Comments

Godfree Roberts • March 23, 2018 7:31 AM

"it's highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime"

Let us pray to Almighty God that it does not end up in the hands of agents of a regime that

Executes 2,000 people each without trial.

Imprisons 2,000,000 people a year, also without trial

Keeps secret lists of 50,000 people whom it won't allow to fly and won't explain why

Has secret courts whose records and rulings are not available to the public where only the government’s lawyers appear without possibility of challenge to the government’s submissions and applies a legal standard profoundly at odds with the Constitution which requires the presentation of evidence of probable cause of a crime as the trigger for a search warrant, (FISA requires only probable cause of a relationship to a foreign power)

Eavesdrops on all their citizens' communications 24x365

Holds prisoners in offshore jails for 15 years without trial by claiming that their Constitution does not hold there?

Permits voting but never changes its policies

Has debtors prisons

Has the trust of only 11% of its citizens

Oh, wait...

Matiasv • March 23, 2018 7:40 AM

I guess it would require more than superficial changes from Apple to destroy Grayshift's business model? Can somebody more knowledgeable speculate about this?

me • March 23, 2018 8:07 AM

"It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned."

So this means that they are basically brute-forcing the PIN, and obviously, even if Apple tries to not allow this, stupid short PINs/passwords will always be cracked.
- if the encryption scheme is secure
- you use a decent password
- the phone (or PC) is off
no one will be able to decrypt it (see TrueCrypt / VeraCrypt)

J Badger • March 23, 2018 8:25 AM

Assuming that this is exploiting a vulnerability of which Apple is currently unaware, then the propagation of these devices should result in the vulnerability becoming known to Apple. In other words, the “security” of the device is based on the obscurity of its mechanism and for it to become a broad threat in the hands of black market type actors, it’s very likely that the mechanism will be made ineffective.

The Sword of Disclosure cuts in both directions.

neill • March 23, 2018 8:41 AM

everyone who carries data in memory on mass produced devices has to assume that there's a high interest in cracking those - be it for politics or financial motives.

just do not do it.

EVERY iOS/Android version ever made had security vulnerabilities, or other bugs, hence the many incremental updates ... and since everyone wants cheap devices no one will spend top $ on fixing those.

SAD!

me • March 23, 2018 11:43 AM

@A:
"What they need is the kind of treatment Hacking Team got."

I followed this closely as I'm from Italy.
Just a quick recap from what I remember:
- about one year before Hacking Team got hacked, the same happened to Gamma Group (and in an email Hacking Team called them "wannabe competitor hacked", lol karma)
- from the leaks it seems that they used pirated software (they issued a DMCA takedown because in the leak there was a commercial software that they used pirated)
- they also sent to one of the people who was hosting a copy an email saying "you are doing something illegal, take it down or we kill you".
- they started DDoSing him (without success)

AFAIK nothing happened to Hacking Team, no jail, NOTHING.

Humdinger • March 23, 2018 11:56 AM

@ J Badger

"The Sword of Disclosure cuts in both directions."

Oh what an optimist you are! Cynical old cusses like me believe that Apple is fully aware of the vulnerability and will not patch it unless they have to. Apple, like Facebook, Google and other USA tech companies are in the business of selling a contradiction. The contradiction in this case is that on one hand they mouth all the right words about user privacy and on the other hand do all they can to cooperate with the security state through the backdoor.

Perhaps the most fundamental axiom of computer security and privacy is that no one is going to go to jail to save your skin. You are expendable. These guys are in the business of making money, not saving souls.

Petter • March 23, 2018 12:14 PM

This hack will work for another month or so until Apple patches the way the password incrementation time delay is managed and then this device will only work on older non patchable devices such as the 5S and below.

And the world moves on.

echo • March 23, 2018 2:07 PM

Given the relative ease with which a well-resourced entity can mitigate short passwords, face identification, and fingerprints, would it be unreasonable to suggest that Apple's security is a sham and that well-resourced entities rely on 'user error'? Have things really moved that far past Enigma and the days of smoke-filled interrogation rooms?

I wonder if the best form of defence is really just good governance and access to a fair court, and supportive civic structures. Most of the trouble spots and sources of conflict lack civic structures. For the average user the GreyKey tool still gives them up to maybe three days to secure their accounts? Almost all problems at this level will be an opportunistic thief who will want to wipe and resell a phone if they can.

My security is Swiss cheese. I fall back on the idea that if a corrupt state official or office bully or whoever wants to try it on they are welcome as long as I get my day in court.

A Nonny Bunny • March 23, 2018 4:08 PM

"Eavesdrops on all their citizens communications 24 x365"
Well, at least there's leap-days ;) (and the odd leap-second)

Clive Robinson • March 24, 2018 3:06 AM

@ A Nonny Bunny,

"... and the odd leap-second"

Just remember some of those have been "negative" time[1] ;-)

Not so daft question for those in the UK as it's news worthy,

    Will we still need our "Time Lord" after Brexit?

Currently our "Spring Forward and Fall Backward" Summer Time changes --this weekend folks-- are in line with the EU, but existing legislation dictates a different system. So to resolve this a Lord from the House of Lords would take a variation to the House of Commons to be nodded through as part of the ordinary business. After Brexit no doubt there will be cries from some "to return to times of the past", so England's Time Lord will be "surplus to requirements" in this sense...

But the Time Lord may be redundant soon anyway; last month the EU MEPs voted to look further into getting rid of "Daylight Saving Time" and are talking of moving the EU to "Berlin Time", which perhaps accident-wise alone may not be a good idea...

[1] Sometimes the earth occasionally speeds up before returning to the slow decay...

65535 • March 24, 2018 6:41 AM

@ Godfree Roberts, A Nonny Bunny and others

“Executes 2,000 people each without trial [police gun killings and or drone killings?]. Imprisons…people a year, also without trial…Keeps secret lists of 50,000 people whom it won't allow to fly and won't explain… Has secret courts whose records and rulings are not available to the public where only the government’s lawyers appear without possibility of challenge to the government’s submissions and applies a legal standard profoundly at odds with the Constitution which requires the presentation of evidence of probable cause of a crime as the trigger for a search warrant…Eavesdrops on all their citizens communications 24 x365…” - Godfree Roberts

Yes.

“…what an optimist you are! Cynical old cusses like me believe that Apple is fully aware of the vulnerability and will not patch it unless they have to. Apple, like Facebook, Google and other USA tech companies are in the business of selling a contradiction.”- Humdinger

I concur with your nexus between the huge USA Intelligence complex and business. It is a nod-and-wink system. Your correct statement, “[silicon valley corporations] are in the business of selling a contradiction” is an understatement. It is more like selling a con-game or outright fraud to consumers. Take a look at the small font and ever-changing "terms of service" which is spread over several co-owned sites and you will find that all of your private information is for sale to someone.

I agree that the USA is on a slippery slope downwards with evaporating Constitutional rights and poor Moral turpitude of the USA government and its tentacle from the NSA to local police and possibly Private Investigators.

We are seeing huge sums of money spent on spy devices and zero day vulnerabilities. This is increasing the military industrial complex in ways not seen in years.

Greykey is a good example of a bad example. The corporation is basically selling military grade technology weapons to local police and probably any dictator who has the cash on hand. Grayscale will probably become greatly enriched from taxpayers who are their targets. They have little oversight and even less morals. This must stop.

[The technical side]

“Assuming that this is exploiting a vulnerability of which Apple is currently unaware, then the propagation of these devices should result in the vulnerability becoming known to Apple. In other words, the “security” of the device is based on the obscurity”- J Badger

That could be very possible.

“…everyone who carries data in memory on mass produced devices has to assume that there's a high interest in cracking those - be it for politics or financial motives.”- neill

Yes. It also increases the profitability of GreyKey and their kindred corporations. This is bad.

“This hack will work for another month or so until Apple patches the way the password incrementation time delay is managed and then this device will only work on older non patchable devices such as the 5S and below.”- Petter

Maybe and maybe not.

I am doubtful that GreyKey would tell the public their true cracking capabilities. They would tell a customer who has signed a non-disclosure contract.

As other posters have noted, the number of PIN tries and the failure-slowing components should have stopped this brute-force attack, but it did not. I may be off target on this. I suspect a side-channel attack of sorts. Does anybody have an answer?

Excuse all of the mistakes. I am not at my best.

Hacker Uno • March 24, 2018 11:05 AM

Two thoughts...

1) I'd bet that the exploit somehow relies on pulling the credentials from the secure enclave, so the phone is bypassed altogether, and the cracking is done on the gray box, not the phone.

2) I'd be curious how using an alphanumeric passcode impacts the device's ability to crack the lock. I'd wager that their system only attempts to break numeric passcodes, and that a 12+ character alphanumeric passcode would not be breakable.

65535 • March 24, 2018 11:48 AM

@ Hacker Uno

“1) I'd bet that the exploit somehow relies on pulling the credentials from the secure enclave, so the phone is bypassed altogether, and the cracking is done of the gray box, not the phone.”

That sounds reasonable considering the 3 AMD exploits and possibly Meltdown and Spectre vulnerabilities. Another area is re-flashing the chips in the secure enclave with microcode malware.

“2) …using an alphanumeric passcode impacts the device's ability to crack the lock. I'd wager that their system only attempts to break numeric passcodes, and that a 12+ character alphanumeric passcode would not be breakable.”

That is a good question.

But, if your first idea “pulling the credentials from the secure enclave” and the passwords are hashed I don’t know if alpha-numeric 12 digit passcodes are safe. I would guess these passcodes are deep in the boot strap process and must be correct, copied or decrypted to boot the iPhone. Thus, if they are pulled from the secure enclave eventually they could be broken.

Conversely, if GreyKey is somehow using a token to access an online backup of the passcode stored on Apple servers, all bets are off.

Excuse the mistakes I am not at the top of my game.

moz • March 24, 2018 4:33 PM

@ Hacker Uno / @65535

“1) I'd bet that the exploit somehow relies on pulling the credentials from the secure enclave, so the phone is bypassed altogether, and the cracking is done of the gray box, not the phone.”

The article says: "After that, they are disconnected from the device, but are not yet cracked. Some time later, the phones will display a black screen with the passcode, among other information." - I think this suggests pretty clearly that the cracking all happens on the phone.

I think the giveaway about how it works is in the following features from the

- Prioritizes common and date-based passcodes
- Supports 4-digit, 6-digit and complex passcodes

This suggests it is brute forcing the pass code using standard password cracking techniques.

Also in the timing

- taking about two hours in the observations of our source.
- It can take up to three days or longer for six-digit passcodes,

2 hours for about 5000 codes = just over 1 code per second.
3 days for about 500000 codes (half of 10^6) = just under 2 codes per second

I'm guessing the discrepancy is maximum time (2 hours) vs average time (3 days) since the observations aren't given very precisely.

That's very slow if it's a simple attempt to check a code against some stored value, however if each attempt requires communicating with and then either waiting for a built in delay or running a partial reset of the secure enclave then this would make sense.

My guess is that this is running on the iPhone main processor and doing a local version of an old attack (try code, power off iPhone before secure enclave records attempt, repeat until correct code found).

65535 • March 24, 2018 10:52 PM

@ moz
“…the phones will display a black screen with the passcode, among other information." - I think this suggests pretty clearly that the cracking all happens on the phone.”

Your explanation is the most plausible so far.

I am sure the rainbow tables are much better than in years past. These rainbow tables could be optimized if GreyKey knows the maximum PIN length and all characters allowed to be used. These rainbow tables would be much improved knowing the absolute passcode space and characters [Passcode = PIN in this post].

It may be possible to use both the phone’s CPU and GreyKey’s box and their cloud platform to do the cracking. But other ways are possible.

Mat Green has some information on Apple passcode generation, but he also says basically you either trust Apple or don’t. Apple may have a second boot image that boots the machine without a PIN. On what SW and HW does this work? Who knows if this is true.

[Mat Green]

“Apple claims that it does not record these keys nor can it access them. On recent devices (with A7 chips), this key and the mixing process are protected within a cryptographic co-processor called the Secure Enclave. The Apple Key Derivation function ‘tangles’ the password with the UID key by running both through PBKDF2-AES — with an iteration count tuned to require about 80ms on the device itself.** The result is the ‘passcode key’. That key is then used as an anchor to secure much of the data on the phone. (Apple pegs such cracking attempts at 5 1/2 years for a random 6-character password consisting of lowercase letters and numbers. PINs will obviously take much less time, sometimes as little as half an hour. Choose a good passphrase!… one view of Apple’s process is that it depends on the user picking a strong password. A different view is that it also depends on the attacker’s inability to obtain the UID. Let’s explore this a bit …The Secure Enclave is designed to prevent exfiltration of the UID key… earlier Apple devices this key lived in the application processor itself. Secure Enclave provides an extra level of protection that holds even if the software on the application processor is compromised — jailbroken…One worrying thing about this approach… is according to Apple’s documentation, Apple controls the signing keys that sign the Secure Enclave firmware. So using these keys, they might be able to write a special “UID extracting” firmware update that would undo the protections described above, and potentially allow crackers to run their attacks on specialized hardware… One wrinkle in this story is that allegedly Apple has been helping law enforcement agencies unlock iPhones for a while. This is probably why so many folks are baffled by the new policy. If Apple could crack a phone last year, why can’t they do it today? …the most likely explanation for this policy is probably the simplest one: Apple was never really ‘cracking’ anything. 
Rather, they simply had a custom boot image that allowed them to bypass the ‘passcode lock’ screen on a phone. This would be purely a UI hack and it wouldn’t grant Apple access to any of the passcode-encrypted data on the device. However, since earlier versions of iOS didn’t encrypt all of the phone’s interesting data using the passcode, the unencrypted data would be accessible upon boot. No way to be sure this is the case, but it seems like the most likely explanation…Notes: * Previous versions of iOS also encrypted these records, but the encryption key was not derived from the user’s passcode. This meant that (provided one could bypass the actual passcode entry phase, something Apple probably does have the ability to do via a custom boot image), the device could decrypt this data without any need to crack a password. ** As David Schuetz notes in this excellent and detailed piece, on phones with Secure Enclave there is also a 5 second delay enforced by the co-processor. I didn’t (and still don’t) want to emphasize this, since I do think this delay is primarily enforced by Apple-controlled software and hence Apple can disable it if they want to. The PBKDF2 iteration count is much harder to override.”-Mat Green

https://blog.cryptographyengineering.com/2014/10/04/why-cant-apple-decrypt-your-iphone/

[Hence you have to trust Apple to not provide a backdoor as stated previously].

If GreyKey is using a custom boot image and scams the secure enclave chip it is almost game over. Who knows?

Excuse my mistakes. I am not at my best.
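
As an added worked example (not code from the post, from Grayshift or from Apple), the following Python reproduces the guess-rate arithmetic in moz's comment above and the per-guess cost in the Matt Green post quoted just above, then turns the same model around to size a passcode against a given attacker time budget. The 80 ms PBKDF2 cost and the 5 s Secure Enclave delay are assumptions taken from that quoted post, not measurements.

```python
"""Passcode brute-force time model (added illustration, not code from the
post, from Grayshift or from Apple). Reproduces the arithmetic in moz's
comment and the per-guess costs in the quoted Matt Green post; all rates
are assumptions taken from those comments, not measurements."""

SECONDS_PER_HOUR = 3600
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

# Per-guess costs quoted on the page (assumed values, see module docstring).
KDF_SECONDS_PER_GUESS = 0.080   # Green: PBKDF2-AES tuned to ~80 ms on-device
ENCLAVE_DELAY_SECONDS = 5.0     # Green/Schuetz: 5 s delay by the Secure Enclave


def keyspace_size(alphabet_size: int, length: int) -> int:
    """Number of distinct passcodes of exactly `length` symbols."""
    return alphabet_size ** length


def guesses_per_second(codes_tried: int, elapsed_seconds: float) -> float:
    """Observed guessing rate, as in moz's back-of-envelope calculation."""
    return codes_tried / elapsed_seconds


def exhaust_seconds(keyspace: int, seconds_per_guess: float,
                    fraction: float = 1.0) -> float:
    """Time to try `fraction` of the keyspace at a fixed per-guess cost
    (fraction=1.0 is the worst case, 0.5 the expected case)."""
    return keyspace * fraction * seconds_per_guess


def min_length_for_budget(alphabet_size: int, seconds_per_guess: float,
                          attacker_seconds: float) -> int:
    """Smallest passcode length whose full keyspace takes longer than the
    attacker's time budget: the defender's sizing question."""
    length = 1
    while exhaust_seconds(keyspace_size(alphabet_size, length),
                          seconds_per_guess) <= attacker_seconds:
        length += 1
    return length


if __name__ == "__main__":
    # moz's data points: 4-digit codes in ~2 h, 6-digit codes in ~3 days.
    print(f"4-digit (half space) over 2 h: "
          f"{guesses_per_second(10_000 // 2, 2 * SECONDS_PER_HOUR):.2f} guesses/s")
    print(f"6-digit (half space) over 3 d: "
          f"{guesses_per_second(10 ** 6 // 2, 3 * SECONDS_PER_DAY):.2f} guesses/s")
    # Green's figure: 6 chars from [a-z0-9] at 80 ms per guess, full sweep.
    yrs = exhaust_seconds(keyspace_size(36, 6), KDF_SECONDS_PER_GUESS) / SECONDS_PER_YEAR
    print(f"6-char lowercase+digits, full sweep at 80 ms: {yrs:.1f} years")
    # The same KDF cost against a 6-digit PIN, with and without the 5 s delay.
    for delay in (0.0, ENCLAVE_DELAY_SECONDS):
        days = exhaust_seconds(10 ** 6, KDF_SECONDS_PER_GUESS + delay) / SECONDS_PER_DAY
        print(f"6-digit PIN, {delay:.0f} s extra delay: {days:.1f} days")
    # How long must a passcode be to outlast a given attacker budget?
    print("digits needed vs 3-day budget at 80 ms:",
          min_length_for_budget(10, KDF_SECONDS_PER_GUESS, 3 * SECONDS_PER_DAY))
    print("[a-z0-9] length needed vs 10-year budget at 80 ms:",
          min_length_for_budget(36, KDF_SECONDS_PER_GUESS, 10 * SECONDS_PER_YEAR))
```

The 36^6 sweep at 80 ms comes out at about 5.5 years, matching Green's quoted figure, while a 6-digit PIN at the same cost is under a day, which is why the per-guess delay and the passcode alphabet matter more than the KDF alone.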

Bob • March 26, 2018 9:02 AM

Maybe I'm still recovering from the weekend, but it seems like a strong password will defeat this exploit.

echo • March 26, 2018 7:56 PM

Here is more information about what the GrayKey box provides.

https://blog.malwarebytes.com/security-world/2018/03/graykey-iphone-unlocker-poses-serious-security-concerns/

GrayKey is a gray box, four inches wide by four inches deep by two inches tall, with two lightning cables sticking out of the front. Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked. Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source. It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, according to Grayshift.
