'GrayKey' iPhone Unlocking Box Seeing Wide Adoption Among Law Enforcement

MacRumors

macrumors bot
Original poster
Apr 12, 2001
49,581
10,899



GrayShift's recently publicized "GrayKey" box designed to crack locked iPhones is seeing wide adoption among police forces and federal agencies across the United States according to a recent investigation by Motherboard.

Motherboard found that regional police forces like the Maryland State Police, the Indiana State Police, and the Miami-Dade County Police have purchased or are soon purchasing GrayKey technology, while other forces like the Indianapolis Metropolitan Police Department have looked into boxes and received quotes from GrayShift.



The Secret Service is also planning to purchase "at least half a dozen" GrayKey boxes for unlocking iPhones, while the State Department has already bought them and the Drug Enforcement Administration has expressed interest.

Current FBI Director Christopher Wray said in January at the International Conference on Cyber Security that law enforcement officials are facing a "Going Dark" challenge where an "enormous" number of cases rely on an electronic device. "We're increasingly unable to access that evidence, despite lawful authority to do so," said Wray.

Motherboard's investigation into GrayShift, the GrayKey iPhone unlocking boxes, and other smartphone unlocking methods suggest that is not the case. The FBI uses the going dark debate to advocate for easier access to electronic devices through backdoors, but the seemingly readily available tools like GrayKey undermine these arguments.
"It demonstrates that even state and local police do have access to this data in many situations," Matthew Green, an assistant professor and cryptographer at the Johns Hopkins Information Security Institute, told Motherboard in a Twitter message. "This seems to contradict what the FBI is saying about their inability to access these phones."

"The availability and affordability of these tools undercuts law enforcement's continual assertions that they need smartphone vendors to be forced to build 'exceptional access' capabilities into their devices," Riana Pfefferkorn, cryptography fellow at the Stanford Center for Internet and Society, told Motherboard in a Twitter message.
In recent months, law enforcement officials have been quietly revisiting proposals that would require tech companies to build backdoor access into smartphones and other electronics, something Apple vehemently fought against back in 2016 following the San Bernardino shooting where the FBI attempted to order the company to provide it with a tool to crack the iPhone 5c involved in the case.

As has been previously reported, the GrayKey mentioned by Motherboard is a small, portable gray box that's equipped with dual Lightning cables. An iPhone can be plugged into one of the cables to install proprietary software that's able to guess the passcode for an iPhone in either a few hours or a few days, depending on the strength of the passcode.

Once the GrayKey software has unlocked an iPhone, it can be plugged back into the GrayKey box to download all of the data on the iPhone. GrayKey can crack the latest iPhones running modern versions of iOS, including iOS 11, providing law enforcement officials with easy access to locked iPhones for criminal investigations.

Grayshift charges $15,000 for a GrayKey box that requires internet connectivity, is geofenced to a specific location, and allows for 300 unlocks, or $30,000 for a box that requires no connection, can be used anywhere, and can unlock an unlimited number of devices.

As Motherboard points out, the technology used in the GrayKey boxes may eventually be outdated through updates to the iOS operating system, leading to periods where some versions of iOS may be difficult to access. Because of the ongoing cat and mouse game of Apple patching a vulnerability as third-party iPhone cracking services look for new methods to get into iPhones, the argument for backdoors into smartphones is likely to surface time and time again.

Motherboard's full report on the iPhone unlocking tools available to law enforcement officials can be viewed over on the website.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: 'GrayKey' iPhone Unlocking Box Seeing Wide Adoption Among Law Enforcement
 

Merkie

macrumors 68020
Oct 23, 2008
2,109
682
At some point, non-law enforcement will have these too and then go wireless as well. We'll need one of those wraps people put their chip cards in just to stop the phone from being drained of info. Or....this is not going to be a big deal for most people.
I really doubt this will happen. First, almost no one cares about personal data, let alone enough to warrant purchasing a $15,000 dollar device. Second, your phone is probably worth more than your data, so why not just steal the phone in its entirety? Third, it takes a long time to crack your pass code. Fourth, it's not even possible to do this wireless. Fifth, Apple won't be sitting still and will take countermeasures with every iOS release.
 

agsystems

macrumors 65816
Aug 1, 2013
1,059
935
Surprised that Apple haven’t stepped up and announced a new security process doohickey that renders these boxes useless!
thank you - I am thinking this helps Apple's argument why they don't need back doors since these boxes are available. That's why they don't go all out an encrypt all iCloud data and they do make it available to law enforcement under subpoena - this way they can 'appear' to be helpful to the courts
 

OldSchoolMacGuy

Suspended
Jul 10, 2008
4,197
9,049
Waste of taxpayer money. It’ll be worthless in a few weeks. Also, everyone should enable wiping the phone after 10 failed attempts, also use a complex passcode
Simply not true. Since 2008 we've been selling law enforcement tools to unlock iPhones. We've even met with Apple's iOS security team and shown them these tools at work. They've done nothing to block them (directly) in updates. Sure, there are small modifications we have to make with new iOS updates, but the core tech is still the same as it has always been.

And setting to wipe after 10 attempts doesn't matter. It's not brute forcing in a way that will trigger that function.
 

prasand

macrumors 6502a
Mar 24, 2015
508
336
UES, New York
That's a lot of money being spent for a device that Tim Cook while reading this MR article, will say "let's address that" and will be made obsolete next week. Well, I guess they'll still be able to work on devices not updated (which will be many).
 

lkrupp

macrumors 65816
Jul 24, 2004
1,055
1,632
If i read correctly about this box it tries a sequence of pin numbers until it hits the right one. I can’t remember if the option to lock the iPhone after 10 tries is on by default or if the user has to turn it on. If it’s not on by default then I could see this working since most wouldn’t even know about this option. However, user who are aware of this security feature would sure turn it on if they planned to do bad things. Somebody set me straight on this.
 
  • Like
Reactions: OttawaGuy

now i see it

macrumors 603
Jan 2, 2002
5,524
11,259
Next version of iOS will inevitably make these gray boxes bricks. 5 more months until these boxes become worthless.
 
  • Like
Reactions: mosess

fenderbass146

macrumors 65816
Mar 11, 2009
1,102
574
Northwest Indiana
Simply not true. Since 2008 we've been selling law enforcement tools to unlock iPhones. We've even met with Apple's iOS security team and shown them these tools at work. They've done nothing to block them (directly) in updates. Sure, there are small modifications we have to make with new iOS updates, but the core tech is still the same as it has always been.

And setting to wipe after 10 attempts doesn't matter. It's not brute forcing in a way that will trigger that function.

Any proof of this? And who is "we"?
 
Last edited:

blackcrayon

macrumors 68020
Mar 10, 2003
2,055
1,587
If i read correctly about this box it tries a sequence of pin numbers until it hits the right one. I can’t remember if the option to lock the iPhone after 10 tries is on by default or if the user has to turn it on. If it’s not on by default then I could see this working since most wouldn’t even know about this option. However, user who are aware of this security feature would sure turn it on if they planned to do bad things. Somebody set me straight on this.
It isn't using the iPhone's user interface to enter the passcodes, so it isn't limited by any safeguards against wrong passwords. Even without the wipe feature, iPhones will take progressively longer to allow you to punch in codes manually. If this device were doing that, it would probably take years to crack a code.

It *does* seem limited by the complexity of your passcode though. If you use a 12 character alphanumeric code, i wonder if it still can do it in "days".
 
  • Like
Reactions: MrUNIMOG

StarShot

macrumors 6502a
Mar 31, 2014
970
360
Why are we even talking about this? Do a crime and pay the time. IF you're stupid enough to put evidence on your phone about criminal actions, you get what you deserve. Crack 'em all open, G-Men

FTAB6
 

AppleInLVX

macrumors 65816
Jan 12, 2010
1,100
527
Been using a long alphanumeric password ever since touch ID. This box is utterly useless.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.