Grayshift’s GrayKey device has been in the news quite a few times over the past few months, because it’s the kind of tool that can break into any iPhone running any version of iOS, including last year’s iPhone X. The machine guesses the password of a device by trying all possible combinations, which is commonly referred to as a brute force attack. That capability is why plenty of US law enforcement agencies have already bought GrayKeys, which cost either $15,000 or $30,000, depending on how you want to use them. But it turns out that even a company with plenty of security experience isn’t safe from data breaches.
An unknown party was able to obtain code snippets from the GrayKey, Motherboard has learned, and demanded 2 Bitcoin in ransom. “Mr. David Miles, This is addressed to you and any other people interested in keeping GrayKey product secure and not available to the wide public,” said a message published online addressing one of the co-founders of Grayshift. “We are a ‘business group’ looking forward to bring into your attention the fact that we HAVE obtained the source code for your product GrayKey and would appreciate any donation above 2 BTC.”
However, it looks like this may have been a bluff from the “hackers.”
Grayshift confirmed to Motherboard that data had indeed been stolen, but the code came from a customer site, where a GrayKey unit’s UI “was exposed to the internet for a brief period of time earlier this month.”
The hackers apparently haven’t obtained any meaningful data. The ransom hasn’t been paid yet and nothing has been released, which seems to be further proof that what was taken is worthless. Not to mention that the payout the “business group” is seeking seems trivial: two Bitcoin is about what you’d pay for one GrayKey box.