Hacked: GrayShift has its iPhone unlocking code held for ransom

Hacked: GrayShift has its iPhone unlocking code held for ransom
Some time ago we wrote about a device that can unlock any iPhone. The device (Graykey) is made by a company GrayShift. Supposedly the device is marketed to law enforcement and can unlock a phone in a timeframe of hours to days (depending on the type of password used). We also reported that the device comes in two models and the cheaper of the two requires an internet connection. Well, it would seem that while setting up one such device for a customer, the code was exposed on the web and someone(s) managed to take at least part of it. The person or group responsible has reached out twice now demanding ransom money in the form of Bitcoin. The demand is for at least $15,000 USD. Each time the ransom was requested the person or group released a different bit of code as proof. As of now, it appears the ransom has not been paid. The company did release a statement saying,


It is still unclear how crucial the code taken is and what steps are being taken (if any) to recover it. Some have speculated that this information somehow reveals that the device requires the internet. Since we do not know which model was being used by the customer, that part seems a bit unclear. 

source: Motherboard



1. worldpeace

Posts: 3133; Member since: Apr 15, 2016

Or he could sell that unlocking code to Apple.

2. RevolutionA

Posts: 397; Member since: Sep 30, 2017

Yes, he should do that for the nations safety.

3. piyath

Posts: 2445; Member since: Mar 23, 2012

Apple should take a look at this Graykey thingy seriously in my opinion. After all it's an iPhone and their customers are the ones who live in fear because of this illegal unlocking device. Apple can patch whatever this code vulnerability Grayshift is abusing ASAP. This is getting out of hand and pretty ugly.

4. Dr.Phil

Posts: 2357; Member since: Feb 14, 2011

If you use a regular 4 to 6 digit passcode, then yes this could be scary seeing as how brute force can unlock it within a weeks time. However, if you use a longer alphanumeric password with upper and lowercase letters as well as symbols and numbers, then this thing could take decades, or even centuries to unlock your phone. Remember, using a 6 digit passcode there are 1,000,000 possible combinations that this thing has to try, but with an alphanumeric password of (lets say) 12 characters there are 475,920,314,814,253,376,475,136 possibilities. And yes I had to look that one up. In fact, most experts believe a 12 character password would take almost 200 years to crack with the most sophisticated GPU technology. That’s long after your dead and most likely the police or whoever would have given up and moved on.

5. piyath

Posts: 2445; Member since: Mar 23, 2012

Huh.... It's true....lol But the thing is most people use a simple 4 or 6 digit pass code just for the sake of convenience which is a very bad thing. Apple should address this sooner or later.

7. AVVA1

Posts: 228; Member since: Aug 01, 2017

They have partially addressed it with disabling the lightning port after a week if password is incorrectly placed. But I get you Apple should take further steps to make this device inoperable.

9. cmdacos

Posts: 4200; Member since: Nov 01, 2016

Because they care about convenience over security. Same as the larger population. Security is still not a differentiator.

10. lyndon420

Posts: 6787; Member since: Jul 11, 2012

I agree. Maybe in the next iOS update apple will force all of you to use a minimum of 12 characters. Problem solved.

8. xfire99

Posts: 1205; Member since: Mar 14, 2012

Dude, stop babbling alphanumeric passcodes. Majority never use it and its 4-6 passcode normally. Not everyone is Einstein duh.

11. southernzombie

Posts: 355; Member since: Jan 17, 2017

lol so it takes a genius to make a more secure passcode than just using a 4 to 6 digit number? geez guy get your life together.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.