Posted on March 28, 2018 at 12:18 PM
New GrayKey Can Unlock Encrypted iPhones
Governments are already buying the devices, for a paltry fifteen grand
These days, we have a password for everything. We carry most of our most personal data on a brick of glass and ceramic in our pockets. Those devices must be secure. We deserve privacy and have a right to it so long as we are breaking no laws. What about when people are breaking laws though? It is debatable as to whether law enforcement should be allowed the all access key to mobile devices, in the name of monitoring the unsavory.
There are plenty of instances where cellular data could be implemented to help law enforcement catch a criminal. Famously, the San Bernadino Shooter carried a device with him, and when law enforcement requested that Apple allow them access to the iPhone, Apple refused to grant it, citing user privacy policies. The FBI was left with no recourse in that situation, except to pay $9k to Cellebrite for a third party crack of the device.
New Kid on the Block
Now, Cellebrite has some competition, and governments are trying it out. GrayShift claims that their product can crack iPhone X and 8, as well as other models. GrayKey costs $15k and is capable of cracking two iPhones at once. From leaked purchase records, Motherboard has ascertained that the US Department of State’s Bureau of Diplomatic Security has ordered a device from GrayShift, costing them that amount. It is assumed to be a GrayKey. Indian State Police have also purchased GrayKey for law enforcement use.
According to leaked GrayKey documents, the device is not only capable of cracking two phones at once but can do it in minutes of days. Depending on the length of the password used on the device, cracks can take shorter or longer. Important to note is that GrayKey doesn’t care what iPhone model or version of iOS is used, reportedly, it can crack them all.
Law Enforcement Uses in Demand
This device could have serious ramifications for law enforcement. According to FBI director Christopher Wray, the FBI failed to unlock nearly eight thousand devices connected to a crime in 2017. At the same time, though, a $15k device is small peanuts for a cybercriminal hoping to view information about a user’s account logins, banking apps, social media activity, and cell communication.
While Cellebrite and GrayShift offer complete cracks of Apple security, other products offer law enforcement information in a different way. Textalyzer is a product that can allow police officers to view user activity on a targeted device. It catalogs keystrokes, app usage, and timestamps for law enforcement officers use. Using this service, police are able to download data from a suspect’s phone and analyze it within minutes.
While it is understood that security measures may get in the way of police investigations, the means to break standard security protocols are nothing to be trifled with. Allowing any subset of people to access personal information on the second subset of people is a slippery slope. The issue of security monitoring on personal devices has been contentious since the Patriot Acts I and II, yet we see no sense of ethics emerging around this issue from the government. For now, we are relying on corporations, like Apple, to uphold their user agreements. Companies like Cellebrite and GrayShift may serve their purpose, but we should all be wary of what those companies represent for the larger cohort.