Thanks to an anonymous source, we now know what this mysterious
device looks like, and how it works. And while the technology is a
good thing for law enforcement, it presents some significant

GrayKey is a gray box, four inches wide by four inches deep by two
inches tall, with two lightning cables sticking out of the front.
Two iPhones can be connected at one time, and are connected for
about two minutes. After that, they are disconnected from the
device, but are not yet cracked. Some time later, the phones will
display a black screen with the passcode, among other information.
The exact length of time varies, taking about two hours in the
observations of our source. It can take up to three days or longer
for six-digit passcodes, according to Grayshift documents, and the
time needed for longer passphrases is not mentioned. Even disabled
phones can be unlocked, according to Grayshift.

After the device is unlocked, the full contents of the filesystem
are downloaded to the GrayKey device. From there, they can be
accessed through a web-based interface on a connected computer,
and downloaded for analysis. The full, unencrypted contents of the
keychain are also available for download.

So the phone is only connected to the box for two minutes, and then the phone itself displays the passcode after it’s cracked? If I’m reading this right, the box must jailbreak the iPhone and install the cracking software on the iPhone itself. I guess that would explain how they get around iOS’s (optional) wipe-after-10-wrong-guesses feature, as well as the escalating delays after a few wrong guesses.