Some time ago we wrote about a device that can unlock any iPhone. The device (Graykey) is made by a company GrayShift. Supposedly the device is marketed to law enforcement and can unlock a phone in a timeframe of hours to days (depending on the type of password used). We also reported that the device comes in two models and the cheaper of the two requires an internet connection. Well, it would seem that while setting up one such device for a customer, the code was exposed on the web and someone(s) managed to take at least part of it. The person or group responsible has reached out twice now demanding ransom money in the form of Bitcoin. The demand is for at least $15,000 USD. Each time the ransom was requested the person or group released a different bit of code as proof. As of now, it appears the ransom has not been paid. The company did release a statement saying,
It is still unclear how crucial the code taken is and what steps are being taken (if any) to recover it. Some have speculated that this information somehow reveals that the device requires the internet. Since we do not know which model was being used by the customer, that part seems a bit unclear.