They hack any iphone. How do spy gadgets GrayKey and Cellebrite

The story of the shooter from San Bernandino, who killed 14 and injured 22 people, made the whole world say that access to iPhone data can be obtained without Apple. The FBI hacked into the terrorist’s smartphone (according to rumors, for $ 1.3 million), before being properly beaten off from Cupertino.

With this act, the FBI said bluntly: Apple’s protection is unreliable, if necessary, all your data will be examined under a microscope. We tell you what gadgets are used to hack the iPhone.

The main thing – do not let the iPhone fall asleep

The first thing law enforcement agencies do with selected iPhones is to keep it off. Then, the corresponding tokens should not be canceled at the smartphone, which means that it will be much easier to access.

Then, special hook-up gadgets are connected to the iPhone via Lightning – not with your hands to enter passwords. The device uses a vulnerability in the system and allows you to either sort through passwords or retrieve them from RAM.

The longer the password, the more time to search. For example, all 4-digit numeric passwords can be searched in a minute, 6-digit – in a few days. Of course, a warrant is needed for this, but … if there is confidence that the warrant will be, they may not wait.

After selecting a password, all data from the iPhone is merged to another device. Including keychain values ​​and encrypted information.

Cellebrite will crack any iPhone for 5 thousand dollars

Israeli company Cellebrite claims: any password on the iPhone will fall. Issue price – from $ 5,000 for one device. Information, of course, is priceless.

The company was founded in 1999 by immigrants from units 8200 and MAMRAM of the Israel Defense Forces, who were responsible for electronic intelligence and computer security. They did business on selling devices and services for cracking iPhone law enforcement.

True, Cellebrite seeks to control the use of its devices, so that just anyone does not provide them. It is more profitable to keep the technology and not to disclose it, as well as to earn money from technical support and advice on the use of gadgets.

In Cellebrite claim that technology can bypass the blocking of most popular models of smartphones on Android and iOS. Gadgets make it possible to download owner files from devices: photos, call history and correspondence in instant messengers, including Telegram. Hacking requires physical access to the device. The procedure takes from several seconds to several days.

It is known that Cellebrite solutions are used throughout the world. The Russian Federation is no exception. Thus, the regional departments of the FSB, the Investigation Committee and the Ministry of the Interior purchase UFED Cellebrite software and equipment. Purchases are carried out through local partners, in particular, LAN-PROJECT and Judicial Technologies.

So, the Volgograd Department of the TFR bought a portable hardware complex UFED Touch2 Ultimate Ruggedized for autonomous retrieval of information for 800 thousand rubles.

Khabarovskoye – updated the software “for the study of mobile devices UFED Touch to the version UFED Touch2 Ultimate” on two devices for 1.26 million rubles.

Alternative – GrayKey from GrayShift

In Atlanta, Georgia, in 2016, the private company GrayShift was founded. Initially, it had only 50 employees and gained fame when it released the GrayKey device for hacking the iPhone.

The device is sold for use by law enforcement officers and closed laboratories. In fact, GrayKey is a “gray box”: a device that combines white-box technology with a well-known internal structure and a black box with well-known inputs and outputs.

At the end of the device size 10x10x4 cm – two Lightning-cables and three LED indicators. You can connect two iPhones to GrayKey at the same time.

In the Malwarebytes experiment, smartphones were hooked up for about two minutes to install software, then turned off. Soon a black screen appeared on the devices with a password and other information.

Password selection took about half a minute, according to the data on the screen. However, this is luck; so, the company assumes that it can take up to three days to iterate through six-digit passwords. The bad news is that even turned off smartphones in this way can be unlocked.

After unlocking the device, all information from it can be downloaded to GrayKey. View and analyze data is offered through a web interface on a connected computer. The complete, unencrypted content of the trinket is also available for download.

The device is offered in several versions. The most budget will cost 15 thousand dollars. It requires an internet connection and gives 300 attempts to hack various smartphones.

Another option, for 30 thousand dollars, does not require an internet connection and does not have a limit on the number of devices that are planned to be hacked. The model assumes two-factor authentication based on tokens for security.

GrayKey devices are actively used by the US police. Russian law enforcement agencies also adopted them.

USB Restrictive Mode protects against GrayKey and Cellebrite

Virtually any device has SOS mode (safe mode, emergency mode), which is needed to perform special operations, access to resources, settings, etc. In it, device functions are limited to the maximum for security purposes.

Touch ID and Face ID are blocked on iPhone in SOS mode. Thus, your finger or the face of the iPhone will not be able to unlock, and the police are not allowed to force a password to be entered.

Starting with iOS 11.4.1, Apple has implemented USB Restrictive Mode, a simple but really cool feature for security. If you don’t unlock your iPhone for an hour, the Lightning port is simply automatically blocked for data transfer.

This was done to counter GrayKey and Cellebrite devices. Thus, devices that sorted through simple digital passwords when connecting a smartphone via USB turned out to be useless on the latest iOS versions.

How to activate USB Restrictive Mode:

  • go to “Settings” – “Face ID and passcode” for iPhone X or “Touch ID and passcode” for iPhone 5s and above;
  • Go to the “USB Accessories” option and deactivate the corresponding option.

Now, if you do not unlock the smartphone screen for an hour, untrusted USB accessories and hacking gadgets will not work. Until you enter the password or unlock the screen using biometric systems.

Important: USB Restrictive Mode will not turn off until you enter the password correctly.

But while the FBI and Apple have not reached a new round of aggression and began to actively seek the introduction of backdoors in the iPhone. This means that either the security services already have their own scrap for this technique, or they are actively developing new scrap, realizing that everything will be long and difficult in the legal field.

By the way, it seems strange that the Secure Enclave hardware security module does not prevent Cellebrite and GrayKey from hacking the iPhone. Perhaps it was intended?


Update the firmware and do not tell anyone the passwords from your iPhone, activate USB Restrictive Mode in the settings – and you will be happy. At least, for now there is no information that Cellebrite and GrayKey can crack the latest iOS 12.

Back to top button