A department of the United States State Department dedicated to diplomatic security has reportedly acquired a fifteen thousand dollar device its manufacturers claim as being able to break iPhone encryption in anywhere from three hours to three days.

Public federal procurement docs show that the State Department’s Bureau of Diplomatic Security purchased a GrayKey encryption-breaking (decryption) device from Grayshift, a firm which lists a former Apple engineer on staff.

The docs identify the purchase as for “computer as well as computer peripheral equipment,” but we at CryptoBuzz News  confirmed “the phone number of the vendor in both the purchase order as well as documents CryptoBuzz News previously obtained detailing a GrayKey purchase by Indiana State Police is the same.”iphone

Parts of the federal government, notably the Department of Justice and the FBI, have been begging for Apple and other software companies to build backdoors into their encryption tech on the bizarre grounds it is necessary to ensure criminals (and terrorists) can not enjoy impregnable communications.
First revealed this month in a recent report by MalwareBytes, the fifteen thousand dollar GrayKey box may offer a unique workaround to authorities at a significantly cheaper rate than the five thousand-per-device rate apparently quoted by Israeli competitor Cellebrite, which usually requires clients to mail them the cell phones.

GrayKey can apparently crack an iPhone simply by attaching it to one of the two Lightning cables sticking out and injecting a  program that eventually causes the affected iPhone to display its PIN.

Time varies from tthree hours to three days or even longer for six-digit PIN’s, and upon completion the phone’s entire file system can be downloaded.

The GrayKey device works on iOS versions such as 11.2.5, which was released on January 23rd of this year; the only security fix publicly acknowledged by the company in the latest version 11.2.6 related to the infamous Telugu bug.

Grayshift is reportedly offering the device in a fifteen thousand dollar, thirty-use version that needs a geo-fenced internet connection to function, as well as a thirty thousand dollar unlocked version, so it would seem that the State Department purchased the limited version.

 In any event, its existence does pose a security threat, both because there are so many unknowns about the security flaw(s) it exploits, and the ways it could be used to compromise some of the most sensitive info on a mobile device.

Olé Crypto,


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.