Unlocking iPhone & Android without passcode via new tool ‘Mobile GrayKey’

Some time ago the tech company Grayshift gained notoriety thanks to its iPhone unlocking technology, used in a software called GrayKey. Specialists in a cyber security course mention that the firm has returned to attention after announcing a mobile version of this technology. 

According to anonymous informants, the new version of this tool is able to capture a device’s access code in police investigation cases even after authorities return the devices to their users.

“Did you get everything you needed from me? Do you want a quote? If so, what version of Graykey requires. Do you want Graykey Online, or Graykey Offline?” mentions an email received by an undercover agent from the Stockton California Police Department’s Technology Crimes Unit.

According to the specialists of a cyber security course, Grayshift launched GrayKey several years ago stealthily. While other companies like Cellebrite offered to unlock the latest iPhone models in their internal service, GrayKey gave interested parties the ability to do the same but using a tool that could be installed on their own systems.

The firm would have unlocked more than 300 iPhones in exchange for $15,000 each. In the years that followed, the cost of service rose to $18,000 due to difficulties in conducting a forensic analysis of the iOS system

Although the firm never ruled on it, a government procurement record between the Drug Enforcement Administration (DEA) and Grayshift reveals a purchase under the concept of “GrayKey’s Mobile License Renewal” for $45,000. Another September 2019 agreement with the Office of the Inspector General mentions an additional agreement worth $45,000, experts from a cyber security course mention.

Cellebrite has for years offered mobile versions of its own forensic smartphone hardware called Universal Forensic Extraction Device (UFED). These are designed not only for use in research agency labs, but also in the field. In other words, the authorities have multiple options to unlock a supposedly protected device.

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.