Federal and local law enforcement officials are increasingly using a dubious technology that makes it easier — and cheaper — than ever to break into locked iPhones.
Called ‘GrayKey’, it works on almost all iPhone models, even those running Apple’s latest mobile operating software iOS 11, according to Motherboard.
GrayKey has attracted criticism from privacy advocates, as well as cyber security experts, who say the technology could also fall into the hands of thieves if it ends up on the black market.
GrayKey is a small, 4×4 box (pictured) that can unlock two iPhones at a time using lightning cables. To download data, cops connect an iPhone to the box for about two minutes
GrayKey is developed by shadowy Atlanta-based startup Grayshift, which offers two versions of the technology.
It’s run by US intelligence agency contractors and an ex-Apple security engineer, Forbes reported.
One version costs $15,000 (£10,500), requires internet connectivity and allows up to 300 uses. In this version, it only costs about $50 to unlock each iPhone.
But another version, which police seem to be favoring, costs $30,000 (£21,000), requires no internet connection and comes with unlimited use.
GrayKey is a small, 4×4 box that can unlock two iPhones at a time using lightning cables.
To use it, cops connect an iPhone to the box for about two minutes.
GrayKey provides an easy way for police to crack open an iPhone, which encrypts user data by default. Researchers say it works on almost any iPhone software, including iOS 11 (pictured)
Once a device is connected to the GrayKey box, the phone will display a black screen showing the device’s passcode and other information (pictured), allowing police to access it
Then, after anywhere from two hours to three days, the phone will display a black screen showing the device’s passcode and other information, according to Malwarebytes.
Currently, anyone who’s obtained physical access to an iPhone has to have a passcode or fingerprint authentication to unlock it and access data like contact lists, messages or photos.
After several incorrect attempts to unlock an iPhone, the device disables further attempts by increasing the amount of time in between each guess.
The iPhone may also delete a user’s data after too many incorrect guesses.
GrayKey provides an easy way for police to crack open an iPhone, which encrypts user data by default.
For that reason, more and more federal and local law enforcement are interested in buying the device.
GrayKey is developed by shadowy Atlanta-based startup Grayshift, which offers two versions of the technology, one that costs $15,000 and another that costs $30,000
The US Secret Service intends on buying about six of the GrayKey boxes to unlock iPhones, Motherboard noted.
Meanwhile, the US State Department has already purchased the technology and the Drug Enforcement Administration is looking into it.
The FBI is also interested in buying GrayKey boxes.
Additionally, police in Maryland and Indiana have already bought or are thinking about buying it.
‘This investigative tool will be used, when legally authorized to do so, in any investigation where it may help advance an investigation to identify criminal actors with the goal of making arrests and presenting prosecutable cases to the proper prosecuting authority,’ David Bursten, chief public information officer for the Indiana State Police, told Motherboard.
Federal and local law enforcement officials are increasingly using a dubious technology that makes it easier — and cheaper — than ever to break into locked iPhones. File photo
Apple CEO Tim Cook (pictured) famously said that complying with the FBI’s court order to unlock the San Bernardino shooter’s phone would be ‘bad for America’
The FBI noted that GrayKey can ‘provide a more economical solution for iOS mobile device processing and that it ‘fills a critical need’, Motherboard said.
Apple has declined to comment on Grayshift and recommended users update to the latest iOS version so that they aren’t exposed to vulnerabilities.
That’s important, as GrayKey works by exploiting vulnerabilities in the iPhone to unlock it.
It’s not currently known what specific iPhone vulnerabilities GrayKey exploits.
GrayKey may use similar tactics as Cellebrite, an Israel-based company that’s developed technology to crack encrypted iPhones.
Cellebrite targets Secure Enclave, a chip in the iPhone that handles security.
Federal officials are said to have paid Cellebrite $900,000 to unlock an iPhone owned by one of the San Bernardino terrorists as part of a criminal investigation into the shooting in 2016.
The Department of Justice wanted to force Apple to unlock an iPhone belonging to one of the shooters by creating an entirely new operating system that could bypass passcodes.
Essentially, they wanted Apple to created a backdoored version of the software that would give the government access to encrypted iPhones.
Apple CEO Tim Cook famously said that complying with the FBI’s court order to unlock the San Bernardino shooter’s phone would be ‘bad for America’.
Currently, anyone who’s obtained physical access to an iPhone has to have a passcode or fingerprint authentication to unlock it and access data like contact lists, messages or photos. File photo
Apple denied to help the DOJ unlock the phone, so the feds paid Cellebrite to do it.
Government officials want more tech firms to work with them on building backdoors for devices.
FBI chief Christopher Wray has called strong encryption a ‘public safety issue’ as it denies them access to potential evidence stored in locked devices.
But naturally, tech firms have rejected that idea, as it could serve as a slippery slope for eliminating user privacy.
However, with the help of GrayKey, law enforcement won’t need tech firms or backdoors to assist them with cracking open locked iPhones.
‘It demonstrates that even state and local police do have access to this data in many situations,’ Matthew Green, associate professor at Johns Hopkins Information Security Institute, told Motherboard.