Remember the San Bernardino attack in 2016, when Apple refused the FBI’s request to unlock the iPhone belonging to one of the shooters? It appears, taking lessons from that episode, police and law enforcement are buying and using iPhone unlocking tools such as the GrayKey.
According to Motherboard, a U.S. startup called Grayshift is the provider of such iPhone unlocking tools to the police. The mysterious startup reportedly hired an ex-Apple security engineer. The GrayKey, a four-by-four inch box, is one of the most used iPhone unlocking tools. The box comes fitted with two lightning cables at the front, notes security software company Malwarebytes.
According to Grayshift, the GrayKey works only with the iOS 10 and 11 for now, while the support for the iOS 9 is in the works. The box supports handsets from the iPhone X to the iPhone 6, and a few iPad models as well, notes a report from Forbes. The GrayKey comes in two variants. The first costs $15,000, and needs internet connectivity and can be used 300 times. The other costs $30,000, works offline and there is no limit on the unlocks.
Grayshift is even aggressively marketing its product among private online police and forensic groups. One source informed Forbes that they had seen the demo of the technology, and it was able to unlock the iPhone X.
How exactly these iPhone unlocking tools work is not very clear yet. But, according to Grayshift, the box takes between two to three hours to crack the phone’s passcode. Once GrayKey cracks the phone its passcode pops-up on a black screen. After the phone is unlocked, all its data is transferred onto the box.
Grayshift was founded at the time when FBI and Apple were in a battle over unlocking of the iPhone belonging to a San Bernardino shooter. Based on the LinkedIn profiles, this company came into being in 2016 and was founded in Atlanta by David Miles. It must be noted that Miles previously worked with a company called Endgame, which reportedly provided hacking tools to U.S. government agencies, including the NSA, notes Forbes.
Such iPhone unlocking tools are growing popular among law enforcement agencies. According to Motherboard, the Miami-Dade County Police, the Maryland State Police, and the Indiana State Police already own or would soon purchase the GrayKey box. Meanwhile, the Indianapolis Metropolitan Police Department has already inspected the box and gotten quotes from GrayShift.
The Drug Enforcement Administration has also expressed interest in the box. “The connection of electronic devices to a wide range of crimes continues to increase, so the need to obtain investigative information from these devices during a criminal investigation continues to grow,” Maryland State Police spokesperson, Greg Shipley, told Motherboard.
The iPhone unlocking tools could prove very useful for law enforcement agencies, but at the same time would undermine user privacy. In January, FBI Director Christopher Wray, said the law enforcement agencies are facing a “Going Dark” challenge as the majority of cases rely on the electronic device. “We’re increasingly unable to access that evidence, despite lawful authority to do so,” Wray said.
However, the use and growing popularity of GrayKey-like iPhone unlocking tools contradict the statement from FBI’s director. FBI hasn’t confirmed if it has purchased the GrayKey, notes Motherboard. FBI, in fact, already uses and spends millions on similar iPhone unlocking tools. Previously, Motherboard reported that the agency purchased more than $2 million worth of such tools from a vendor called Cellebrite. The Bureau’s General Counsel in 2016 claimed that the agency is capable of unlocking the majority of phones.
A couple of months back, a report from Forbes claimed that Cellebrite is a preferred vendor of the U.S. government agencies for unlocking mobile devices. The Israel-based vendor even has the technology to pierce the security of the devices running on the iOS 11, including the iPhone X.
“The availability and affordability of these tools undercuts law enforcement’s continual assertions that they need smartphone vendors to be forced to build ‘exceptional access’ capabilities into their devices,” cryptography fellow at the Stanford Center for Internet and Society, Riana Pfefferkorn, told Motherboard.
It will be interesting to see how Apple reacts to all this. The iPhone maker is committed to secure the users privacy, and thus, would want to plug the loophole exploited by GrayKey. And, if Apple succeeds, all such devices will stop working. If this happens, what the law enforcement agencies that have invested public money in buying iPhone unlocking tools will do, would be even more interesting to watch.
As of now, there have been no comments from Apple over GrayKey and other such iPhone unlocking tools.