By Praveen Kannan and Anna Strokolyst The Hotspot Shield team believes the internet should be open and secure …
The iPhone X (and 8) is designed with the latest security technology to keep your information private. When the device is locked, only you should be able to unlock it. Though that has always been Apple’s intentions, and the Cupertino-based tech giant has remained adamant that it won’t install a “backdoor” for government agencies to access information, new companies—specifically Cellebrite and now Grayshift—are reporting that they have new, legal software that can crack into the iPhone.
Cellebrite has been around for a while, but Grayshift is the latest company to come forward and claim it has an iPhone X hack. Before we look at what this means for you, it’s important to take a step back: What are the actual conditions required to unlock the iPhones?
Grayshift’s tool is called GrayKey. It costs $15,000 for an online version or $30,000 for an unlimited one. Right now, it says that its software can unlock both iOS 10 and iOS 11, and it’s working on updates that allow it to unlock iOS 9. Cellebrite also makes similar claims.
Right now, we only know that these companies are claiming that their software works. Exactly how it works is a different story. iPhones have passcode restrictions, for instance; depending on your setup, this means that after 10 incorrect passcodes the device is wiped. How the software gets past this is unknown, but GrayShift has claimed that it can still crack into a disabled iPhone.
What does all of this mean?
It likely means that, with this software, the FBI and other government agencies, or anyone willing to drop 15-30k, would have all the technology they need to access the data on an iPhone. This, of course, puts into motion a lot of privacy issues. Remember the San Bernardino shooter, Syed Rizwan Farook, and the controversy surrounding getting his iPhone unlocked? Apple refused to unlock it, and it is believed that Cellebrite was the one that eventually helped the FBI do it…but what’s interesting is that to unlock the phone in that instance, it cost a reported $1 million. And still, no one is quite sure how the company did it.
The good news: This is mainly only an issue for people who have their phone confiscated and have incriminating information a government agency would be keen to unearth. If you have nothing to hide, you probably don’t need to worry. But beware: Even smaller local law enforcement agencies have now signed up to use GrayShift’s technology, so this tech isn’t reserved only for hardy criminals.
Regardless, it’s still a good idea to take steps to secure your iPhone:
- Keep it updated the moment you see a new iOS update. Apple won’t take this lying down, so expect a security fix imminently.
- Use an extra-long unlocking code. It’s best to use a 10-digit one to unlock your phone, but in truth, 6 digits should be fine.
- Choose a short lock period. Yes, it might be annoying if your phone locks itself after a minute, but your information will be much safer.
- Use a VPN like Hotspot Shield to encrypt your online activities.
While the government and other agencies will be happy to learn that there are now tools for them to access a suspect’s phone, Apple will be keen to close this hole as soon as possible. And once it does, you can bet that Cellebrite, Grayshift, and others will be looking at new ways to hack back in.