Grayshift makes GrayKey iPhone unlocking boxes to multiple law enforcement agencies across the United States and makes a mockery of Apple's security invincibility claims. However, it turns out the company suffered a data breach that allowed hackers to access a small portion of the GrayKey code.
The hackers demanded two bitcoin from Grayshift with the threat of additional data being leaked. According to Motherboard, the code in question "does not appear to be particularly sensitive".
Grayshift told Motherboard in a statement: "Due [to] a network misconfiguration at a customer site, a GrayKey unit's UI was exposed to the internet for a brief period earlier this month. During this time, someone accessed the HTML/Javascript that makes up our UI. No sensitive IP or data was exposed, as the GrayKey was validation tested at the time. We have since implemented changes to help our customers prevent unauthorised access."
Grayshift says that no sensitive IP or data was exposed, and the leaked code appears to be related to the user interface that displays messages on the GrayKey.
The Tame Apple Press insists that it is proof that Grayshift security is not airtight, "raising questions about what kind of data might be accessible to hackers". The idea, of course, is to create a bogus privacy scandal in the hope that GrayKey will be shut down and Apple will not have to fix the glaring security holds that the company exploits.
Apparently, there are fears that "GrayKey technology could fall into the wrong hands".
Grayshift has not paid up. It said that "changes" have been made to help customers prevent unauthorised access to GrayKey boxes in the future. The Tame Apple Press has done its best to rubbish GrayKey since the start including calling the company a "shadowy start-up" even though it has a webpage and is pretty easy to contact.
The Tame Apple Press used the opportunity to add that GrayKey will likely be outdated at some point through updates to the iOS operating system. Of course, it has no proof of that - it is just faith in a company with a long history of dragging its feet on security issues.
It advises hardened criminals and terrorists that the way to defeat GrayKey and similar technologies can implement stronger and more secure passcodes and passwords that are more difficult to guess through brute forcing to prevent these kinds of tools from working. So if you are a hardcore criminal with much to fear from the authorities, it is best to have an 8-digit numeric code which can take over a month, while a 10-digit numeric code apparently could take years.
Of course, if the Tame Apple Press is going to advise criminals and terrorists how to break the law and avoid capture, it might be better to tell them to steer clear of Apple products completely.