There’s a Tool That Can Break Into Most iPhones — Here’s How to Help Stop It

Apple’s devices, particularly iPhones, feature encryption that’s notoriously hard to crack. While those security measures are good for users, they’ve long been a bane to law enforcement efforts.

For years, various police departments and federal agencies have struggled to break into Apple devices crucial to criminal investigations.

And Apple, due to its strong commitment to user privacy and security, has repeatedly refused to create backdoors that could aid in these efforts.

Unfortunately, the days of iPhones being relatively hack-proof may be numbered. In this article, we will provide some ideas that will show you how to stop iPhone Hacking Tool GrayKey. The options provided are intended to make it harder for someone to crack your iPhone security.

The GrayKey

Earlier this year, media outlets reported that a new iPhone hacking device had entered the market.

That device, GrayKey, is being marketed to law enforcement agencies across the country by its creator, a startup called Grayshift.

What Is GrayKey

According to data and photos obtained by cybersecurity firm Malwarebytes, GrayKey itself is fairly unassuming.

It’s a small gray box with two Lightning connectors protruding out of it. It also has a small display.

That means it can work on two iPhone devices at a time. And despite the strong encryption on Apple devices, GrayKey can reportedly break into locked iPhones.

How Does GaryKey Work

The exact method that GrayKey leverages to bypass iOS encryption is unknown. But Malwarebytes’ research gives us a small look into how it works.

Basically, once an iPhone is plugged into it, GrayKey can guess its passcode. The passcode is then displayed on the iPhone’s screen, allowing the GrayKey user to unlock the device.

From there, the user can sift through and even download the now-unencrypted data stored on the iPhone.

What Can It Unlock?

Reportedly, GrayKey can unlock any iPhone, all the way up to the most recent iPhone X models.

As far as operating system, GrayKey works on more recent iOS versions. According to available data, that includes various updates to iOS 11.

Who’s Buying It

Law enforcement agencies, long unable to break into confiscated iPhones, are snatching up the GrayKey.

According to an investigation by tech publication Motherboard, various police agencies are looking into purchasing the device — and some already have. They include the following:

• Federal agencies like the U.S. Department of State, DEA, FBI and Secret Service.
• State agencies like the Maryland State Police and Indiana State Police.
• Local police departments in Miami-Dade and the Indianapolis Metropolitan Police Department.

The Implications of GrayKey

While the device will obviously be a boon to law enforcement, it has wider implications for the general public.

Of course, if it remains in the hands of police, the average law-abiding iPhone user probably has nothing to worry about. But the device or the code that powers it could fall into the wrong hands.

Just this week, unknown hackers leaked portions of the GrayKey user interface code to the public. Those attackers then demanded a ransom from Grayshift to stop any additional leaks.

Technology like this, and the companies that make it, are targets. While malicious entities might not have access to GrayKey yet, that could certainly change in the future.

How to Protect Your Data on iPhone

It’s not all doom and gloom for iPhone users, however. While you may not be able to stop hacking attempts entirely, you can make them harder to pull off.

For instance, GrayKey can reportedly bypass a 4-digit passcode in a couple hours.

A six-digit passcode, on the other hand, can take as long as several days to crack.

But a 10-digit alphanumerical password can take upwards of 9,000 days to guess.

That’s according to Matthew Green, a professor of cryptography at the John Hopkins Information Security Institute.

If you want to make it harder for GrayKey and devices like it to break into your iPhone, you have a few options.

Some Things to Consider

• 4-Digit Passcode. This may be the most convenient but it’s also the weakest way to protect your iPhone.
• 6-Digit Passcode. As we’ve covered, this makes it a bit harder to bypass. But it’s still doable in a few days.
• Custom Numeric Code. You can make this passcode, comprised of just numbers, as long as you want. But it’s still not as good as the next option.
• Custom Alphanumeric Code. This option, as we’ve seen, can take years to bypass. A password that’s at least 7 digits long and contains a mix of characters is probably your best bet for security, according to Greene.

Of course, using a longer password is an inconvenience. But if you’re using Face ID or Touch ID as your main authentication method, then you should only have to re-enter your password when the iPhone restarts.

Change Your iPhone’s Passcode

• Launch Settings
• Scroll down and find Touch ID and Passcode. (Face ID and Passcode on the iPhone X, and presumably, future devices that feature Face ID.)
• Tap on it.
• Enter your device’s current passcode.
• Find and tap Change Passcode.
• Again, you’ll have to enter your device’s passcode again.
• Tap Passcode Options.
• Tap the option of your choice.
• Enter the password, using a mix of uppercase and lowercase letters, numbers and other characters.
• Tap next. You’ll have to re-enter your password to verify.

Again, your iPhone won’t be hack-proof. But its password will be much harder for a GrayKey or similar device to guess. On the other hand, if you have particularly sensitive data on your iPhone, you might want to take additional steps to protect yourself.

If you’d like to read about other ways to protect your data and privacy, be sure to check out our other privacy- and security-related posts (which you can find below).

Related Posts:

• Quick Tips to Make Your iPhone or iOS Device Even More Private
• How To Clear Your Search History on Your iPhone and Protect Privacy
• How to Boost your iPhone Security Ten Fold in less than 2 Minutes
• Protecting Your Privacy and Security on Safari, How To