'GrayKey' iPhone unlock in use by Indiana police, documents reveal

AppleInsider

A recently exposed forensic tool called "GrayKey" -- sold as being able to hack into iOS 11 devices like the iPhone 8 and iPhone X -- is being used by at least one regional police force in the U.S.

In a purchase order dated Feb. 21, the Indiana State Police bought one GrayKey unit costing $500, and a $14,500 annual license covering 300 unlocks, Motherboard reported on Friday. Developer Grayshift sells two versions of GrayKey -- an online-only, limited-use license costing $15,000, and a $30,000 offline version without restrictions. The Indiana State Police received a $500 discount for their first year.

Emails obtained by Motherboard suggest the agency was extremely eager to sign up.

"This is a RUSH request because item is needed ASAP for evidence gathering for current cases. Please review and forward for approval," one official wrote to a peer on Feb. 20.

In another document, the agency indicated that GrayKey will be used in everything from "high profile murder cases to crimes against children cases where suspects are hiding their content from law enforcement," admitting that even with warrants, there are some devices it has been unable to hack.

The main advantage of GrayKey over options like those from Cellebrite is its price. While $15,000 may sound expensive, the Indiana State Police said Cellebrite submitted a quote valued over $200,000. The FBI infamously paid about $1 million to break into the iPhone 5c of San Bernardino shooter Syed Rizwan Farook.

That could mean that until Apple is able to fix exploits used by Grayshift, iPhone unlocks by law enforcement allowed by a warrant will become increasingly commonplace. Apple prides itself on the impregnability of on-device iPhone encryption, though it regularly hands over iCloud data when served with legal orders.

9secondkox2

An Apple front behind GrayKey?

seems crazy that folks outside of Apple can commercialize a fairly guaranteed hack. 

like buying a vacuum to clean carpet. 

maestro64

the question is, will Apple break this product on the next release of software as they did with jailbreakers. This may be another cat and mouse game with Apple and these companies.

mike1

maestro64 said:

the question is, will Apple break this product on the next release of software as they did with jailbreakers. This may be another cat and mouse game with Apple and these companies.

I'd bet on WILL be.

linkman

I'm sure that Apple purchases hacks like these -- albeit probably in a manner that disguises the identity of the buyer -- in an effort to discover and patch the vulnerabilities that those devices/software exploits. If that works, then $15000 is at least an order of magnitude below the going price of many exploits.

designr

Of course I never expect any truthful disclosures on this question: It would be interesting to learn what the evidentiary value of information gained from hacked phone has been. Much noise has been raised about "what if" ... "what if they left all of their secret plans and a list of their co-conspirators, their complete manifesto...and a map to their secret headquarters." but i really wonder...after the hack is done...did they actually get anything valuable.

Mike Wuerthele

designr said:

Of course I never expect any truthful disclosures on this question: It would be interesting to learn what the evidentiary value of information gained from hacked phone has been. Much noise has been raised about "what if" ... "what if they left all of their secret plans and a list of their co-conspirators, their complete manifesto...and a map to their secret headquarters." but i really wonder...after the hack is done...did they actually get anything valuable.

Well, we know nothing from San Bernardino.

StrangeDays

9secondkox2 said:

An Apple front behind GrayKey?

Nope. There are no secrets -- this would come out and destroy Apple's brand. More tinfoil needed.

volcan

That 37 Cord would be really expensive today.

volcan

linkman said:

I'm sure that Apple purchases hacks like these -- albeit probably in a manner that disguises the identity of the buyer -- in an effort to discover and patch the vulnerabilities that those devices/software exploits. If that works, then $15000 is at least an order of magnitude below the going price of many exploits.

They would probably need the offline version for $30K to reverse engineer it but it would be in GreyKey's best interest to only sell them to law enforcement and not to corporations because you actually need a warrant to use it. I think they would probably prefer to keep it out of Apple's hands.

jmey267

So if this is a hack turned into a product to get into iPhones is it not illegal to use? Wouldn't this pose a problem for valid legal evidence gathering?

Anachr0n

jmey267 said:

So if this is a hack turned into a product to get into iPhones is it not illegal to use? Wouldn't this pose a problem for valid legal evidence gathering?

It would be inter sting to see that get played out in court. 

If if it gets invalidated, then it would be hard to make any case at all given that any further investigation done based on the information obtained illegally would also be invalidated 

airnerd

Anachr0n said:

jmey267 said:

So if this is a hack turned into a product to get into iPhones is it not illegal to use? Wouldn't this pose a problem for valid legal evidence gathering?

It would be inter sting to see that get played out in court. 

If if it gets invalidated, then it would be hard to make any case at all given that any further investigation done based on the information obtained illegally would also be invalidated 

Seems it would at least be worth it for a defense lawyer to suggest that the hack is what put the evidence there.  Of course that only works when the phone is the only evidence.  If it merely shows location or contacts then it wouldn't work.  But if photos from it are used..."That's not mine, must have been from some hacker" should at least be attempted.  Make the state show their method and what they did to the phone before they could use it to convict you. 

wigby

maestro64 said:

the question is, will Apple break this product on the next release of software as they did with jailbreakers. This may be another cat and mouse game with Apple and these companies.

All security is (and always will be) a cat and mouse game. I’m a little disappointed that they’ve caught up to Apple though. I feel much more secure when the current hacks are a few iOS generations behind the latest Apple IOS.

wigby

airnerd said:

Anachr0n said:

jmey267 said:

So if this is a hack turned into a product to get into iPhones is it not illegal to use? Wouldn't this pose a problem for valid legal evidence gathering?

It would be inter sting to see that get played out in court. 

If if it gets invalidated, then it would be hard to make any case at all given that any further investigation done based on the information obtained illegally would also be invalidated 

Seems it would at least be worth it for a defense lawyer to suggest that the hack is what put the evidence there.  Of course that only works when the phone is the only evidence.  If it merely shows location or contacts then it wouldn't work.  But if photos from it are used..."That's not mine, must have been from some hacker" should at least be attempted.  Make the state show their method and what they did to the phone before they could use it to convict you. 

That defense won’t work provided a legal warrant was issued to retrieve the data. That’s the whole reason for legal warrants.

rotateleftbyte

The data might have been legally obtained but the method needs to be subject to examination by the defence. If the data can't be validated then legal or not, it is inadmissable in a trial. [1]
My guess is that the Police will try to plea bargain everything they can and for as long as they can.
Eventually, the method used to crack into the phone will escape and become public knowledge. Then it will be next to useless as Apple will block it from being used again.
And the game of cat and mouse goes on.

[1] When DNA tests became widely available, the testing process had to be peer reviewed many times to ensure not only its accuracy but its repeatability before it could be used as evidence. The same rules will apply to information obtained via this device.

cornchip

Great. Another black hole for tax dollars.

volcan said:

That 37 Cord would be really expensive today.

Well spotted. I was going to ask if that’s what I thought it was.

GeorgeBMac

volcan said:

That 37 Cord would be really expensive today.

You might get a discount due to its lack of headlights....

GeorgeBMac

jmey267 said:

So if this is a hack turned into a product to get into iPhones is it not illegal to use? Wouldn't this pose a problem for valid legal evidence gathering?

It seems that police aren't much constrained by the law these days...

wg45678

GeorgeBMac said:

volcan said:

That 37 Cord would be really expensive today.

You might get a discount due to its lack of headlights....

The Cord was the 1st car to have hidden headlights.  In the fender behind the State police signs I believe. 

GeorgeBMac

wg45678 said:

GeorgeBMac said:

volcan said:

That 37 Cord would be really expensive today.

You might get a discount due to its lack of headlights....

The Cord was the 1st car to have hidden headlights.  In the fender behind the State police signs I believe. 

R E A L L Y !     W O W!
It was a really cool car even without that!