iPhone unlocking tool GrayKey sees increased use across all levels of law enforcement
With the help of the iPhone-cracking GrayKey, local police departments and government agencies alike are gaining the ability to crack the security in the iPhone in ever-greater numbers, a new report says.
Back in early 2016, Apple famously refused to assist the FBI in unlocking an iPhone 5c belonging to Syed Rizwan Farook, one of the shooters in that year's San Bernardino attack. The FBI later got into the device on their own, setting off an entire round of disputes between the company and federal law enforcement.
Both federal law enforcement and local police departments have begun using GrayKey, a relatively inexpensive encryption bypass tool, and other tools like it, according to an investigative piece published by Motherboard.
Vice found, using public records requests, that the State Department has purchased GrayKey technology, as have the Indiana and Maryland State Police. The Secret Service and Drug Enforcement Agency are planning to, and the Indianapolis and Miami-Dade police departments either have bought the equipment or have sought it.
The same site had reported last month that the Indiana State Police had contracted to use GrayKey. Beyond Indiana, Vice does not say in the piece exactly how many state and local police departments are using GrayKey.
The device can unlock an iPhone in a matter of hours for a four-digit passcode, but six-digit passcodes, now the standard, can take as long as three days, according to an analysis by MalwareBytes.
GrayKey is manufactured by a startup company called Grayshift, with Braden Thomas, a former Apple security engineer, among its principals. Thomas has his name on at least five Apple patents.
The GrayKey device has been described as "a pocket-sized device with questionable security," available in $15,000 and $30,000 editions.
The piece also notes that despite the FBI using GrayKey, FBI Director Christopher Wray has said publicly that "we face an enormous and increasing number of cases that rely on electronic evidence. We also face a situation where we're increasingly unable to access that evidence, despite lawful authority to do so," according to comments published by the website Lawfare, and cited by Vice.
Back in early 2016, Apple famously refused to assist the FBI in unlocking an iPhone 5c belonging to Syed Rizwan Farook, one of the shooters in that year's San Bernardino attack. The FBI later got into the device on their own, setting off an entire round of disputes between the company and federal law enforcement.
Both federal law enforcement and local police departments have begun using GrayKey, a relatively inexpensive encryption bypass tool, and other tools like it, according to an investigative piece published by Motherboard.
Vice found, using public records requests, that the State Department has purchased GrayKey technology, as have the Indiana and Maryland State Police. The Secret Service and Drug Enforcement Agency are planning to, and the Indianapolis and Miami-Dade police departments either have bought the equipment or have sought it.
The same site had reported last month that the Indiana State Police had contracted to use GrayKey. Beyond Indiana, Vice does not say in the piece exactly how many state and local police departments are using GrayKey.
The device can unlock an iPhone in a matter of hours for a four-digit passcode, but six-digit passcodes, now the standard, can take as long as three days, according to an analysis by MalwareBytes.
GrayKey is manufactured by a startup company called Grayshift, with Braden Thomas, a former Apple security engineer, among its principals. Thomas has his name on at least five Apple patents.
The GrayKey device has been described as "a pocket-sized device with questionable security," available in $15,000 and $30,000 editions.
The piece also notes that despite the FBI using GrayKey, FBI Director Christopher Wray has said publicly that "we face an enormous and increasing number of cases that rely on electronic evidence. We also face a situation where we're increasingly unable to access that evidence, despite lawful authority to do so," according to comments published by the website Lawfare, and cited by Vice.
Comments
Apple balances on a thin line in making the iPhone as secure as possible to everyone and making it easily accessible to the owner. If my iPhone gets lost or stolen, I can be fairly confident that my data is secure. However, if I'm in a position where my phone is confiscated by a government agency, then I would be naive to believe it's secure from a government that has the ability to throw a ton of resources, money, and manpower at breaking into my phone.
One thing I'm confident of is that Apple will continue to harden iPhone security, but then the iPhone cracking industry will continue as well. Cat and Mouse.
I'm not sure what else there is to say on the issue, but I'll pass your desire for an editorial to him.
If the 6-digit PIN isn't enough, then do what the security-conscious users do—create a passcode using the full keyboard. Even just 4 characters is over 1 billion combinations with the iOS keyboard.
How many clients does Grayshift have in the Middle East and Asia?