GrayKey can break into any iPhone, regardless of model

Mar 26, 2018 08:27 GMT

GrayKey, the iPhone hacking device manufactured by Grayshift, has caught the attention of the US government, especially amid the struggle to break iPhone encryption in several criminal cases. The US State Department has now decided to purchase the $15,000 device for its own secret use.

A report from Motherboard reveals that the State Department’s Bureau of Diplomatic Security ordered the device on March 6. The US government’s public federal procurement data system, which Motherboard uses as the source for its report, doesn’t specifically mention Grayshift, but says that the government purchased “computer and computer peripheral equipment.”

Information such as the vendor’s phone number, however, matches that in another purchase made by Indiana State Police, which also ordered GrayKey recently.

Security vendor Malwarebytes, which published an in-depth analysis of the hacking capabilities of the device, explained that it takes anywhere from several minutes to three days or more to crack the passcode of the iPhone. Any model, regardless of the iOS version that it’s running, is said to be hackable.

Apple tight-lipped on iPhone hacking

Law enforcement can use GrayKey to break into iPhones involved in criminal investigations and extract data, as Apple has repeatedly refused to unlock devices amid security concerns.

GrayKey, however, doesn’t address these security fears, and Malwarebytes says there’s always a risk that the device falls into the wrong hands, which would eventually expose users and their data.

“It’s highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime, whether directly from Grayshift or indirectly through the black market,” the firm says.

Apple itself hasn’t said a single thing about how it plans to mitigate GrayKey or whether the exploits that the device uses to break into iPhones have already been fixed. The company has, however, promised to spend more time improving the security and reliability of its software in the next releases. Without any official statements, though, there’s no doubt customers would feel exposed.