This is part of an ongoing Motherboard series on the proliferation of phone cracking technology, the people behind it, and who is buying it. Follow along here .Law enforcement agencies across the country are buying or have expressed interest in buying GrayKey, a device that can unlock up-to-date iPhones. But Grayshift, the company that makes the device, has attracted some other attention as well.Last week, an unknown party quietly leaked portions of GrayKey code onto the internet, and demanded over $15,000 from Grayshift—ironically, the price of an entry-level GrayKey—in order to stop publishing the material. The code itself does not appear to be particularly sensitive, but Grayshift confirmed to Motherboard the brief data leak that led to the extortion attempt.
"Mr. David Miles," the extortionists' first message, published on Thursday, reads, addressing a co-founder of Grayshift. "This is addressed to you and any other people interested in keeping GrayKey product secure and not available to the wide [sic] public."The site hosting the message has since deleted the post, but a Google cached version is still available, and a second message, published a day later, is online at the time of writing."We are a 'business group' looking forward to bring into your attention the fact that we HAVE obtained the source code for your product GrayKey and would appreciate any donation above 2 BTC [~$19,000 on Tuesday]," both messages continue. Both then paste different selections of apparent GrayKey code.
The GrayKey can unlock modern iPhones, including models running iOS 11.3 and the iPhone X. The device works by brute-forcing possible passcode combinations, and can break through 4 digits in around two hours, and 6 digits in three days or longer, according to leaked details published by cybersecurity firm Malwarebytes.The code the extortionists posted isn't all that interesting. Instead, it seems to be for operating the display on the GrayKey that provides messages to a user."Waiting for GrayKey…" one line reads, with the code suggesting that the display will then show a "wait image," something similar to a loading icon.
Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on firstname.lastname@example.org, or email email@example.com.