‘GrayShift’, the iPhone unlocking expert, is apparently selling a mobile version of its ‘GrayKey’ tool as well. This is reported by Motherboard, who got to access emails exchanged between the company and its clients, and then dive into public procurement records.
Considering the evidence, it looks like GrayShift is now further braking away from any previous technical and practical limitations that its products faced in the past years. According to the details that surfaced, GrayShift has extended its range of products with a mobile app that can be planted directly into the target device.
GrayShift initially launched the GrayKey as a specialized product meant to help forensics and law enforcement teams break into locked iPhone devices. The online version’s cost was set to $15,000, allowing up to 300 unlocks. During 2020, GrayShift raised the price to $18,000, as iOS vulnerabilities got a lot harder to source.
Along with the online version, GrayShift offered an offline version that can be used for an unlimited number of times. Thus, agencies that were performing large volumes of break-ins bought a device to keep on their premises and do the trick whenever needed.
Related: Apple Blocks Police Password Cracking Tool GrayKey on iOS 12
Motherboard has found a recent (April 2020) procurement record between GrayShift and the US Drug Enforcement Administration mentioning a “GrayKey License Mobile Renewal” for $45,000. Going a bit further back, in September 2019, Motherboard found a related record titled “Gray Key mobile unit” with a similar amount at $45,075.
By digging deeper, the investigators found an annual deal described as “GrayKey Unit—GrayKey Annual License Mobile,” which cost the department $90,000. The deduction made from all this could be that GrayKey has a mobile version and that it costs $45k for a six-month license.
GrayShift seems to be catching up with Cellebrite, another iPhone unlocking and data forensics expert. Cellebrite has been offering its own mobile tool called the Universal Forensic Extraction Device (UFED) for over four years now. We have previously analyzed that tool’s capabilities in detail, thanks to the insightful testing results that NIST published a while back.
Related: This Is How the US Law Enforcement Breaks Into Phones
The US Drug Enforcement Administration is most likely using several tools to unlock phones or access data that are typically beyond its reach. Back in September 2019, a set of leaked documents revealed that the DEA was actually negotiating with the NSO to buy a license to use their Pegasus Spyware - from which they withdrew only because of the high costs.