Not storing sensitive information defeats much of the purpose of a smartphone in the first place.

No it doesn't. Storing sensitive information is just one, arguably smallish feature of smart phones. Mankind found ways to protect & store their secrets for thousands to tens of thousands of years BEFORE the very, very recent invention of the smart phone and those methods worked just fine.

Now, we want to put secrets we're terrified about falling into the bad guy's hands in a tiny mobile device that moves around with us and readily gets lost, stolen, gets left behind, etc??? Even when we see story after story about entities being able to get into such mobile devices and access such information, our reaction is always how wrong they are for doing that, how what they are doing is illegal (or should be), how they should be prosecuted, and on and on instead of taking the simple action that would completely nullify them and all like them: don't store your super secrets on a mobile device. Do that and they can hack 1000 alternative ways into your mobile device and get nothing for their troubles.

OR we can keep whining about prosecution, ethics, law, etc as if we expect group whine to stop the bad guys from doing what they are doing. What is their motivation? Demotivate them by taking away the prize(s) they seek. We could all do that without Apple having to do anything, without having to buy a new phone or upgrade to a new version of the OS, without having to put more steps between us and using our tools in hopes that those additional steps can thwart the rare time that it's our own device in the bad guy's hands, etc.

OR store very sensitive secrets on a mobile device and then whine when such news flows and whine when your device is lost and the bad guys are exploiting access to your secrets.

Yes, there are going to be further security holes. That doesn't mean this particular one isn't concerning or shouldn't be patched.

I didn't say that at all. Of course, it should be patched. But every patch just leads to a new (security) hole (exploit). So, we strive for some kind of false or temporary sense of security at best when we can eliminate the entire issue ourselves by simply not storing super secret info we don't want others to be able to access on something so relatively easily accessed.
 
Yeah... no. 6 digits only has 10^6 (1 million) possible combinations. That's almost trivial to break. Even as slow as 10/second it would only take an average of (1M*600/minute)/2 = about 14 hours to crack.

The vast majority of people really don't have anything to worry about... for 2 reasons (1) The chances of your phone getting picked up by law enforcement is slim. (2) The chance that particular law enforcement entity HAS a GreyKey is slim.

That said, this should still give us all cause for concern and I sincerely hope Apple is figuring out how to eliminate this threat... because that's exactly what it is.

I agree with you, especially the second paragraph.
 
In two minutes in the bathroom you're not going to get locked out for longer than 5 minutes, to be locked out for DAYS someone will have to be trying to play around with the password for at least an hour to escalate it that far.

It doesn't even let you try to guess till the next timeout has expired, so you can't just instantly escalate it to days.
In France, a baby/small child recently managed to get the timeout to escalate into the millions of minutes (40+ yr).
 
It can't be any surprise that the product is available. But it also won't be a surprise if Apple buys a copy, reverse engineers it and updates iOS to block it. Let the cat and mouse game begin. As long as Apple continues to refuse to build in a backdoor all is fair in love and war and encryption.


Hello Apple,

When you bought an Israeli company that specialises in chip design ....and then another Israeli company comes out that can hack the latest iOS.......take the hint...

Most likely your chip has been compromised. No amount of iOS updates.

What exactly be the hint? The only hint I see is an anti-semitic comment. Not sure if that was your intent but that's the smell your post gives off. Practically every industrialized country has tech firms that create encrypted products and firms that work to unencrypt them. Some are better at it than others. Sorry, but it's not some Israeli cabal, it's just a business model that is played out in countries world-wide.
 
No it doesn't. Storing sensitive information is just one, arguably smallish feature of smart phones. Mankind found ways to protect & store their secrets for thousands to tens of thousands of years BEFORE the very, very recent invention of the smart phone and those methods worked just fine.
Tons of information on smartphones is sensitive information. Anything stored digitally that is accessed via email, or mobile phone access is vulnerable. Any personal information is potentially sensitive, your bank account number, credit card number, social security number.
 
This is good news for police and citizens I don't care what y'all say. I would like us to be able to get into phones of criminals and the deceased.
 
Tons of information on smartphones is sensitive information. Anything stored digitally that is accessed via email, or mobile phone access is vulnerable. Any personal information is potentially sensitive, your bank account number, credit card number, social security number.

So before we had the wonders of smart phones, how did mankind keep that kind of information from the bad guys? How did your parents, and their parents, and their parents... and on and on and on manage to keep the bad guys from getting that same kind of (their) information and exploiting them?
 
There are always ways to get one, if not legally then illegally, you think Apple won't do anything illegal!?
If Apple already has the box, why hasn't it fixed the vulnerability? And I am sure that the level of criminal mischief of 'really bad people' is at least a little bit higher than that of Apple, meaning that the 'really bad people' will get access to that box before Apple gets it.
 
So before we had the wonders of smart phones, how did mankind keep that kind of information from the bad guys?
They did not store it on stuff that was network-accessible and they did not store it on stuff that they carried around with them all the time. And they did not store it all in one single physical place/object. Sure, some of it they carried around (like the credit card, but then not necessarily all their credit cards). But a lot of other things they didn't carry around with them.
I use 7. Just for the reason that the box to type it doesn’t give away the length of the passcode.
Though anybody writing the software to crack the passcode would likely try 7-digit codes next after having tried all 6-digit codes.
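
An added example, not part of the thread: it works through the keyspace arithmetic from the posts above, using the 10 guesses per second mentioned earlier and a search that tries all 6-digit codes before moving to 7 digits. The constant rate, the absence of any lockout delay, and the 36-symbol alphabet in the last row are assumptions.

```python
"""Average time to find a passcode by exhaustive search at a fixed guess rate.

Assumptions (not measurements): a constant guess rate with no lockout or
escalating delay, and passcodes chosen uniformly at random.
"""

GUESSES_PER_SECOND = 10  # the "as slow as 10/second" figure used in the thread


def keyspace(length, alphabet_size=10):
    """Number of distinct passcodes of exactly `length` symbols."""
    return alphabet_size ** length


def average_guesses(length, start_length=None, alphabet_size=10):
    """Expected guesses to reach a uniformly random passcode of `length`.

    The search is assumed to try every code of each shorter length, starting
    at `start_length`, before moving on (6 digits, then 7, ...). Hiding the
    length therefore only adds the cost of the shorter keyspaces.
    """
    if start_length is None:
        start_length = length
    if not 1 <= start_length <= length:
        raise ValueError("start_length must be between 1 and length")
    exhausted = sum(keyspace(n, alphabet_size) for n in range(start_length, length))
    # Within the final keyspace of size N the hit lands, on average, at (N + 1) / 2.
    return exhausted + (keyspace(length, alphabet_size) + 1) / 2


def average_hours(length, start_length=None, alphabet_size=10, rate=GUESSES_PER_SECOND):
    """Average search time in hours at `rate` guesses per second."""
    return average_guesses(length, start_length, alphabet_size) / rate / 3600


def comparison_table():
    """(label, average hours) rows for a few passcode policies."""
    policies = [
        ("4 digits, length known", 4, 4, 10),
        ("6 digits, length known", 6, 6, 10),
        ("7 digits, searched after all 6-digit codes", 7, 6, 10),
        ("10 digits, searched from 4 digits up", 10, 4, 10),
        ("6 chars a-z0-9 (assumed 36-symbol alphabet)", 6, 6, 36),
    ]
    return [(label, average_hours(n, start, size)) for label, n, start, size in policies]


if __name__ == "__main__":
    for label, hours in comparison_table():
        print(f"{label:<46} {hours:>14,.1f} h  ({hours / 24:,.1f} days)")
```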
 
They did not store it on stuff that was network-accessible and they did not store it on stuff that they carried around with them all the time. And they did not store it all in one single physical place/object. Sure, some of it they carried around (like the credit card, but then not necessarily all their credit cards). But a lot of other things they didn't carry around with them.

Exactly and that's what I offered up as the very best way to foil this particular issue. We have a couple hundred posts of whine about legality, ethics, how they should be tracked down and prosecuted, how Apple should buy a box and patch this exploit, etc. as if any of that can solve this particular problem. It doesn't.

Wave a wand and make this exploit fail right now. Another simply follows. Why? Because the prize is worth the trouble of figuring out such exploits. Take away the prize and the motivation to work on such exploits goes away. In other words, if there's nothing that secret stored on our mobile devices, the market for a $30K box to get at that nothing probably plummets. The motivation to create GrayKey 2, then GrayKey 2 XL, then GrayKey 3 Super Duper with Pentranium, etc evaporates.

We can drive that evaporation as a group by simply deciding to eliminate the prize on our mobile phones. But, if we can't get the group to use such common sense, we can still take care of ourselves by opting to do it on our own phone. Then, if our phone is lost or stolen, the hassle is merely the loss of the device. We don't have to also sweat the secrets we chose to store therein getting into the wrong hands.
 
It can't be any surprise that the product is available. But it also won't be a surprise if Apple buys a copy, reverse engineers it and updates iOS to block it. Let the cat and mouse game begin. As long as Apple continues to refuse to build in a backdoor all is fair in love and war and encryption.




What exactly be the hint? The only hint I see is an anti-semitic comment. Not sure if that was your intent but that's the smell your post gives off. Practically every industrialized country has tech firms that create encrypted products and firms that work to unencrypt them. Some are better at it than others. Sorry, but it's not some Israeli cabal, it's just a business model that is played out in countries world-wide.


It is weird whenever Israel is mentioned it always comes off as anti-Semitic....

So if I say if Apple used South Korean designers and South Koreans then sell a box that can decrypt it....Am I anti-Asian then ??

The hint is simple, Apple needs to hire a lot of experts to double and triple check chip design in the future.
Just like Intel is doing now.
 
Exactly and that's what I offered up as the very best way to foil this particular issue. We have a couple hundred posts of whine about legality, ethics, how they should be tracked down and prosecuted, how Apple should buy a box and patch this exploit, etc. as if any of that can solve this particular problem. It doesn't.

Wave a wand and make this exploit fail right now. Another simply follows. Why? Because the prize is worth the trouble of figuring out such exploits. Take away the prize and the motivation to work on such exploits goes away. In other words, if there's nothing that secret stored on our mobile devices, the market for a $30K box to get at that nothing probably plummets. The motivation to create GrayKey 2, then GrayKey 2 XL, then GrayKey 3 Super Duper with Pentranium, etc evaporates.

We can drive that evaporation as a group by simply deciding to eliminate the prize on our mobile phones. But, if we can't get the group to use such common sense, we can still take care of ourselves by opting to do it on our own phone. Then, if our phone is lost or stolen, the hassle is merely the loss of the device. We don't have to also sweat the secrets we chose to store therein getting into the wrong hands.
Sure, stop using email for any potentially sensitive stuff. Or any electronic communication. Have you ever mentioned your credit card number in any of your emails? Keep filing tax returns in paper form. Never buy anything online that requires payment via a non-physical way (sending a paper cheque would work).
 
Each person can choose what they consider too sensitive to store and not too sensitive.

Else the mirror extreme is: "sure, store every sensitive piece of information you have on a tiny mobile device that roams wherever you go, is easily lost or stolen, then hacked delivering all of your sensitive info to the bad guys."

Again, step back barely 15+ years to before there were smart phones. Did our parents and theirs, and theirs, etc write down every piece of their sensitive info on a piece of paper or card and carry it wherever they traveled? Maybe the smarter parents would encrypt such writing with some kind of "unbreakable" code but still carry every piece of sensitive info about themselves around with them wherever they would go?

Lose or have your credit card stolen and that can be remedied as soon as you can call the credit card company. It's relatively easy to kill the potential exploit there as fast as you can get to a phone.

The "buying online" issue is also typically at risk via the credit card used, so again, a phone call remedies much of that risk as well. If something bought online requires you to fill out something that shares more sensitive info (like soc sec. number, etc) that you can then revisit on "my account" screens and similar, you should be more cautious about buying that way with the "key" to accessing such information being the mobile device you carry around.

Lose or have your tax returns fall into the wrong hands and the information therein can lead to exploit after exploit for up to the rest of your life.

Point: choose wisely if you want to store sensitive info on your mobile device. The more sensitive the info, the more you should question why you want to put it on something so readily lost, stolen and then hacked.

This whole issue can be resolved by us as individuals by applying simple common sense. The alternative is expecting other players to deliver complete and unbreakable security (pie in the sky if there ever was one) and/or expecting the bad guys to stop being bad. We can whine, cry, want prosecution, want gov actions, etc all we want but the bad guys keep on rolling anyway. Foiling them is as simple as taking away the prize(s) on your mobile device. If lost or stolen, about all they get is a device, not a lifetime accumulation of key secrets to rob you blind and destroy your life.
 
It's one or the other. If this company only sells to law enforcement then Apple won't be able to get one. It also means criminals won't be able to get one either. If these are easy for regular people (or criminals) to get, then Apple will also be able to get one and it'll be patched.

You can't have your cake and eat it too (worry that everyone and their dog will be cracking open iPhone AND that Apple won't be able to patch it).

You are suggesting that Apple and criminals (or foreign governments) would use similar tactics to obtain one. So if Apple was not willing to send a rogue agent to break into some police station to steal one, the Chinese government (or any group that wants to suppress its citizens, etc) wouldn't either?
iOS security lol

I had been impressed to have made it down to page three before coming to posts that rather than weigh in on a serious topic just take a swipe at Apple.
 
As if Apple would try to acquire one that way. ;) They don't even usually buy real estate for Apple Stores directly.

What do you mean by this: They don't even usually buy real estate for Apple Stores directly.

Is it similar to purchasing high profile domains (such as iphone.com and icloud.com) through another "3rd party" company?
 
Lol. Can’t believe some of the theories and posts here. I’m sure this does exist. But it’s not copying to the device but rather pulling from the device an Apple filesystem screenshot or partial clone of the device from the device and then bruteforce/strategically guessing the password using the clone. This easily bypasses all security because you’re making virtual copies of the copies (in software) and guessing passwords on the clones which are discarded and rebuilt as the software guesses. This is done in millionths of a second. Unknown is if it does it on the device (box) or the box itself transmits all of this to the cloud via its own secured cellular system (much more likely) and is done on the company's own super network.

It’s able to easily copy the exact files it needs to do the guess work from a locked phone because of obvious baseband level exploits that someone who worked in iOS security would have access to. Also knowing the exact part of the system where the encrypted key lay as well as the exact hashes and parts to copy would be already known, so it would just be a matter of plugging the phone in, pulling this info from the attached phone (using iTunes-like baseband level protocol permissions) sending the small amount of data to their servers to be intelligently hammered, and then relay it all back to the phone when done. The interface shown on the locked phone looks visually like it’s being pulled from the commcenter ... not really iOS but iOS relaying info from the baseband directly like if you type a special carrier code into the dialer of an iPhone.

Sorry but this cannot be fixed with a patch. You’d literally have to change the entire way the iPhone’s cellular system works from the ground up. Apple has the resources to do it, but it will take a tremendous amount of time to pull off a job like that.
 
It’s obvious Apple has agreements with governments for backdoor access and governments in return have been prepared to overlook their tax arrangements — neither of which are in the best interest of consumers. Equally obvious that there always has and always will be backdoors to unlock an iPhone.

Apple could make the iPhone near impenetrable if they wanted to. It shouldn’t be that hard. But they don’t want that. They want a sufficient level of security (or apparent security) to keep most people happy while allowing those who want or need access (including themselves) a way in.

Passcode entry should only ever be via the touch screen and it should never be possible to run software on a locked phone. A locked phone should be capable of receiving power only. These are pretty simple things they could implement fairly securely but have obviously chosen not to.

When companies tell you they care about privacy and security don’t believe them. If they did they’d at least ship devices with the maximum possible security and privacy settings enabled by default, but they don’t.

Since it's not obvious to me, could you provide reliable citations backing up your assertion? Thanks...

Also, looking at the underlying source article by Forbes, without any confirmed information, I wouldn't jump in and automatically believe this story.

Stated by Forbes: "Forbes has not been able to verify the company's claims and given it's a new, unproven entity, it's hard to say how far the marketing material should be trusted."

Well, there you go.

Kind of amazed how people are willing to believe anything just because it was reported on the internet.

 
Lol. Can’t believe some of the theories and posts here. I’m sure this does exist. But it’s not copying to the device but rather pulling from the device an Apple filesystem screenshot or partial clone of the device from the device and then bruteforce/strategically guessing the password using the clone. This easily bypasses all security because you’re making virtual copies of the copies (in software) and guessing passwords on the clones which are discarded and rebuilt as the software guesses. This is done in millionths of a second. Unknown is if it does it on the device (box) or the box itself transmits all of this to the cloud via its own secured cellular system (much more likely) and is done on the company's own super network.

It’s able to easily copy the exact files it needs to do the guess work from a locked phone because of obvious baseband level exploits that someone who worked in iOS security would have access to. Also knowing the exact part of the system where the encrypted key lay as well as the exact hashes and parts to copy would be already known, so it would just be a matter of plugging the phone in, pulling this info from the attached phone (using iTunes-like baseband level protocol permissions) sending the small amount of data to their servers to be intelligently hammered, and then relay it all back to the phone when done. The interface shown on the locked phone looks visually like it’s being pulled from the commcenter ... not really iOS but iOS relaying info from the baseband directly like if you type a special carrier code into the dialer of an iPhone.

Sorry but this cannot be fixed with a patch. You’d literally have to change the entire way the iPhone’s cellular system works from the ground up. Apple has the resources to do it, but it will take a tremendous amount of time to pull off a job like that.

Interesting. But how does the network-free version work if it can’t send data to a command centre?
 
You are suggesting that Apple and criminals (or foreign governments) would use similar tactics to obtain one. So if Apple was not willing to send a rogue agent to break into some police station to steal one, the Chinese government (or any group that wants to suppress its citizens, etc) wouldn't either?
For some people, everything is binary. Either only good governments have access to the box or everybody with enough money has access to it. Reality is not quite like that.
 