Over 2,000 law enforcement agencies have iPhone encryption-breaking tools

Posted:
in iPhone
Law enforcement agencies across the United States have tools to access data stored on encrypted iPhones, a report claims, with at least 2,000 agencies in the country now having the means to gain access to further their criminal investigations.

A forensics tool from Cellebrite used to access iPhones and other smartphones
A forensics tool from Cellebrite used to access iPhones and other smartphones


The long-running encryption debate has always centered around the idea that members of law enforcement were not able to acquire evidence from devices and services due to the use of encryption, necessitating requests for backdoors to be put in place. In a new report, it seems that the calls for backdoor access may not be needed at all.

According to a report by Washington nonprofit Upturn seen by the New York Times, it is claimed that at least 2,000 law enforcement agencies across all 50 states have tools to be able to access locked and encrypted smartphones. The information was determined by analyzing years of public records relating to the agencies and their investigations.

It is thought that at least 49 out of the 50 largest police departments in the United States have the tools to gain access, as well as a number of smaller towns and counties. For areas that do not own the tools, they often turn the smartphones over to state or federal crime labs that typically do have them.

These tools can take the form of GrayShift's GrayKey, a small device capable of unlocking secured iPhones. Federal law enforcement and local police departments have been buying the tool for a few years, paying tens of thousands of dollars for the hardware.

In cases where the tools don't do the job, the devices can be sent to services such as Cellebrite for unlocking. Invoices reveal Cellebrite charges around $2,000 per device unlock, and sold a premium tool to the Dallas Police Department for $150,000.

The ease of access to the tools has also emboldened law enforcement's use of the equipment, ranging from major crimes such as homicides and rape to lesser crimes, including instances of shoplifting. Such minor cases include warrants to search phones in Fort Worth concerning marijuana valued at approximately $220, as well as a fight at a McDonald's in Coon Rapids, Minn. over $70.

It is reckoned hundreds of thousands of smartphones have been searched over the last five years.

Despite the number of agencies possessing the tools and actively using them, some still find the existence of tough encryption to be a problem. The expense and the time it takes to unlock a device are still issues to law enforcement, with Manhattan district attorney Cyrus R. Vance Jr testifying to Congress in December 2019 "We may unlock it in a week, we may not unlock it for two years, or we may never unlock it."

The existence of the tools "have served as a kind of a safety valve for the encryption debate," Stanford University researcher Riana Pfefferkorn suggests, but it has changed what law enforcement demands. "Instead of saying 'We are unable to get into devices,' they now say 'we are unable to get into these devices expeditiously."

This need for speed of access has enabled law enforcement officials to continue calls for changes that would force companies like Apple and Google to add backdoors to their services, such as bills proposed in Congress to create such items.

In October, the US Department of Justice working with other "Five Eyes" nations issued a statement demanding the creation of backdoors, insisting they get created to "act against illegal content and activity effectively with no reduction in safety. In effect, the creation of a backdoor that only law enforcement could access that maintains security for everyone else.

Critics argue that the very creation of a backdoor weakens encryption as a whole, as bad actors would simply attack the backdoor as an easier point of access to the data.
«1

Comments

  • Reply 1 of 34
    Tim said “my generation has failed you” there is nothing private in tech anymore. Actually I’d be surprised if Apple has not already been handed a gag order on back doors. 
    OctoMonkeyols
  • Reply 2 of 34
    bloggerblog said:
    Tim said “my generation has failed you” there is nothing private in tech anymore. Actually I’d be surprised if Apple has not already been handed a gag order on back doors. 
    Agreed!  Given how information "leaks" seem to happen constantly, if such a gag order does exist, somebody should simply leak it.

    More, if these tools exist, what is the reason for the DOJ to be doggedly pursuing back doors from the tech companies?
    razorpitzeus423chasmolscornchipwatto_cobra
  • Reply 3 of 34
    razorpitrazorpit Posts: 1,796member
    bloggerblog said:
    Tim said “my generation has failed you” there is nothing private in tech anymore. Actually I’d be surprised if Apple has not already been handed a gag order on back doors. 
    Agreed!  Given how information "leaks" seem to happen constantly, if such a gag order does exist, somebody should simply leak it.

    More, if these tools exist, what is the reason for the DOJ to be doggedly pursuing back doors from the tech companies?
    Wondered that myself. Makes you ask how effective are these devices against newer/updated phones?
    watto_cobra
  • Reply 4 of 34
    It seems like these cracking devices require a physical port to work (I may be wrong in that). If that’s true then a port less iPhone will be even more secure from, what I see, is the potential for malicious cracking by a bad actor of the device. The new MagSafe charger makes me think the physical ports of the iPhone are soon to be a thing of the past.
    zeus423olscornchip
  • Reply 5 of 34
    bloggerblog said:
    Tim said “my generation has failed you” there is nothing private in tech anymore. Actually I’d be surprised if Apple has not already been handed a gag order on back doors. 
    Agreed!  Given how information "leaks" seem to happen constantly, if such a gag order does exist, somebody should simply leak it.

    More, if these tools exist, what is the reason for the DOJ to be doggedly pursuing back doors from the tech companies?

    Media Soundbites. It makes the DOJ lapdog look good in front of the cameras and in the news shows. Then they can go to their financial masters and ask for billions more funding.
    Simple really. Keep Joe Q Public in the dark. They don't really need to know do they? /s
    chasmDogpersoncornchipwatto_cobra
  • Reply 6 of 34
    DAalsethDAalseth Posts: 2,583member
    And I guarantee that an equal number of criminal organizations have them as well. 
    ronnzeus423TMC44Rayz2016olscornchipwatto_cobra
  • Reply 7 of 34
    JFC_PAJFC_PA Posts: 862member
    So there’s absolutely NO need for some idiotic back door security flaw. 
    Rayz2016olsStrangeDayswatto_cobra
  • Reply 8 of 34
    JFC_PAJFC_PA Posts: 862member
    bloggerblog said:
    Tim said “my generation has failed you” there is nothing private in tech anymore. Actually I’d be surprised if Apple has not already been handed a gag order on back doors. 
    Agreed!  Given how information "leaks" seem to happen constantly, if such a gag order does exist, somebody should simply leak it.

    More, if these tools exist, what is the reason for the DOJ to be doggedly pursuing back doors from the tech companies?
    Never underestimate how lazy the DOJ really is. 
    chasmolssvanstromcornchipwatto_cobra
  • Reply 9 of 34
    I saw that Cellebrite device in an Apple Store. They were using it to quickly transfer Android data to the iPhone during the setup of the customer’s newly purchased iPhone.
    ivanhwatto_cobra
  • Reply 10 of 34
    wood1208wood1208 Posts: 2,816member
    Let me know if they have iPad encryption-breaking tools. Apple locked my iPad and have no way to fix it. Hopefully, my tax dollars funded law enforcement can help me unlock it.

  • Reply 11 of 34
    chasmchasm Posts: 2,616member
    wood1208 said:
    Let me know if they have iPad encryption-breaking tools. Apple locked my iPad and have no way to fix it. Hopefully, my tax dollars funded law enforcement can help me unlock it.

    Apple did not "lock" your iPad. You did. Apple does not have any remote control of your iPad. Grow a pair and take responsibility for your own actions.
    JFC_PAronnentropysRayz2016svanstromStrangeDayswatto_cobra
  • Reply 12 of 34
    chasmchasm Posts: 2,616member
    Regarding Cellebrite and similar hardware tools: have you ever noticed that you never hear about Google/Android being pressured to include backdoors, or that the DOJ can't get into an Android phone? Funny that ...
    JFC_PAericthehalfbeeolscornchipwatto_cobra
  • Reply 13 of 34
    JFC_PAJFC_PA Posts: 862member
    chasm said:
    wood1208 said:
    Let me know if they have iPad encryption-breaking tools. Apple locked my iPad and have no way to fix it. Hopefully, my tax dollars funded law enforcement can help me unlock it.

    Apple did not "lock" your iPad. You did. Apple does not have any remote control of your iPad. Grow a pair and take responsibility for your own actions.
    They warn, in VERY big letters that if YOU choose to enable a recovery code there’s no way back if you f up and lose it. VERY big letters. 
    cornchipStrangeDayswatto_cobra
  • Reply 14 of 34
    People think "the government" is one big organization where all departments share information with each other the behest of the head of government. In reality, government departments often can't legally share information across departments (sometimes it's just technical incompetence.) In the US, the head of government doesn't create the laws, while in many other countries like Canada and the UK, the head of government does. So the US government has restrictions that most other nations don't (for your own protection.) And this doesn't even mention the fact that there are local and federal governments with conflicting laws and court systems (not to mention military and tribal jurisdictions who also don't share information.)

    I wonder why it seems that everyone thinks that the government breaks the law to charge and convict people. There sure are a lot of people that think the government is a criminal enterprise. The US government is "of the people, by the people, for the people" not "against the people".
    georgie01tmay
  • Reply 15 of 34
    JFC_PAJFC_PA Posts: 862member
    Though as it’s made UP of people all the usual people flaws exist including out of control ambition and the lazy inclination to take shortcuts when they “know” they’re right. 
    watto_cobra
  • Reply 16 of 34
    I saw that Cellebrite device in an Apple Store. They were using it to quickly transfer Android data to the iPhone during the setup of the customer’s newly purchased iPhone.
    How long ago did you see this as most of the Apple stores I have been in have gotten rid of them over a year ago. I think it had something to do with them getting into the unlock game. 
    watto_cobra
  • Reply 17 of 34
    People think "the government" is one big organization where all departments share information with each other the behest of the head of government. In reality, government departments often can't legally share information across departments (sometimes it's just technical incompetence.) In the US, the head of government doesn't create the laws, while in many other countries like Canada and the UK, the head of government does. So the US government has restrictions that most other nations don't (for your own protection.) And this doesn't even mention the fact that there are local and federal governments with conflicting laws and court systems (not to mention military and tribal jurisdictions who also don't share information.)

    I wonder why it seems that everyone thinks that the government breaks the law to charge and convict people. There sure are a lot of people that think the government is a criminal enterprise. The US government is "of the people, by the people, for the people" not "against the people".
    Well after Snowden exposed how the NSA was spying on American citizens to try to find out if they were terrorist cells, a good portion does not trust them. Now it’s much worse with the whole country deeply partisan. There is no trust in our government and I don’t see it getting better anytime soon.
    georgie01ForumPostStrangeDayswatto_cobra
  • Reply 18 of 34
    People think "the government" is one big organization where all departments share information with each other the behest of the head of government. In reality, government departments often can't legally share information across departments (sometimes it's just technical incompetence.) In the US, the head of government doesn't create the laws, while in many other countries like Canada and the UK, the head of government does. So the US government has restrictions that most other nations don't (for your own protection.) And this doesn't even mention the fact that there are local and federal governments with conflicting laws and court systems (not to mention military and tribal jurisdictions who also don't share information.)

    I wonder why it seems that everyone thinks that the government breaks the law to charge and convict people. There sure are a lot of people that think the government is a criminal enterprise. The US government is "of the people, by the people, for the people" not "against the people".
    Pretty sure it is "against the people" in more recent times. 
    hammeroftruthForumPostStrangeDayswatto_cobra
  • Reply 19 of 34
    Wgkrueger said:
    It seems like these cracking devices require a physical port to work (I may be wrong in that). If that’s true then a port less iPhone will be even more secure from, what I see, is the potential for malicious cracking by a bad actor of the device. The new MagSafe charger makes me think the physical ports of the iPhone are soon to be a thing of the past.
    The closer you are to "low-level" hardware, the better it is when you are trying to circumvent layers of protection.

    It's the same as you physically walking from point A to point B, it will be quicker the fewer obstacles in your way.

    So, yes, having access to a physical port is usually an advantage.

    But… that doesn't mean that a physical port is a necessity.

    Without a physical port certain attacks will be prevented, but some will not be affected as all, and there might even be some new vulnerabilities introduced.

    Without a physical port a physical attack will still be possible, though, it will just require the device to be physically opened up. Depending on how the wireless stuff is implemented it might even be possible to simply replace it with a physical port; and then things are back to where they used to be.

    At the end of the day it's just another day in the game, where all sides will keep on making progress and negate the progress of the other sides.

    Edit: Also, don't forget that a wireless connection opens up for the potential weakness of it being able to be hacked through otherwise protective layers; like having your device automatically hacked simply by standing next to a bad person on public transport etc.
    edited October 2020 watto_cobra
  • Reply 20 of 34
    flydogflydog Posts: 1,097member
    Wgkrueger said:
    It seems like these cracking devices require a physical port to work (I may be wrong in that). If that’s true then a port less iPhone will be even more secure from, what I see, is the potential for malicious cracking by a bad actor of the device. The new MagSafe charger makes me think the physical ports of the iPhone are soon to be a thing of the past.
    Physical ports will always be present because they are necessary for DFU and diagnostic purposes. 
    watto_cobra
Sign In or Register to comment.