Police Can Now Access iPhone Data Using a Secretive Piece of Hardware
For several years now, a fierce debate has raged over how much access law enforcement organizations (LEOs) should be able to have to the mobile devices of those suspected of a crime. The issue made nationwide headlines after the San Bernardino attacks in 2015, when the FBI grappled with how to break into an iPhone used by one of the perpetrators. While the FBI did eventually retrieve device data by using an unknown group to gain access to the phone’s encrypted contents, law enforcement agencies, in general, have maintained that they must have a “backdoor” to access info secured by your iPhone passcode. Apple has steadfastly refused to give in to such demands, but it appears that for now, those refusals don’t matter: LEOs can now use a pricey piece of hardware called GrayKey.
Developed and maintained by a very small Georgia-based company called Grayshift LLC, apparently led by a former engineer for Apple, GrayKey is a small black box with two Lightning cables for connecting suspect iPhones. After a few minutes of connection to the GrayKey box, one simply has to disconnect the cables and wait for the software to work.
Depending on the complexity of the user’s password, the GrayKey software will reveal iPhone passcodes in anywhere from a few hours to a few days. According to the company, a passcode longer than 6 digits can take more than 3 days to crack. Once the passcode is cracked, GrayKey creates a complete dump of all the info on the phone, including the sensitive contents of the iPhone’s Keychain. Such access allows law enforcement a clear view of everything on the device.
GrayKey is currently available to law enforcement in one of two versions. The first, priced at $15,000, requires an Internet connection, has a limited number of uses, and can only be used in one location. The more expensive $30,000 version is usable offline with unlimited uses. The exact methodology for how the GrayKey box works is unknown, but it likely exploits iOS vulnerabilities not yet known to the public or perhaps even Apple.
While the company behind the GrayKey box seems to be going to great lengths to ensure only LEOs can use their device, it is not difficult to imagine a scenario in which such a device makes it into the wild — it’s happened before. For now, the average user doesn’t need to worry, though it is a concern we should keep in mind. This is another clear example of the ongoing conflicts between security, privacy, and the needs of law enforcement. So far, Apple has yet to comment on GrayKey’s existence, and the company may choose not to say anything until they’ve identified and fixed any potential vulnerabilities that allow it to function.