Skip to main content

Cops Cracking iPhones Across the Country with GrayKey

An increasing number of police departments and federal authorities have bought devices that can unlock iPhones, according to a report from Motherboard. Using public-records requests, Motherboard determined that both local and regional police forces obtained units of a machine called GrayKey, and that the State Department has GrayKeys as well.

Credit: Tom's Guide

(Image credit: Tom's Guide)

Specifically, Motherboard names the Maryland and Indiana State Police, Miami-Dade police and the U.S. State Department as having purchased the device. Many others, including the Drug Enforcement Administration and other local polices forces, have received purchase quotes or have sent emails showing interest in purchasing it. The FBI refused to disclose to Motherboard whether it had purchased the machine.

GrayKey was detailed on the MalwareBytes blog back in March and works on iPhones, including the most recent iPhone 8 and iPhone X, up to at least iOS 11.2.5. (Whether it works with later versions of iOS is unknown.) A $15,000 version of GrayKey requires an internet connection and allows 300 unlocks, while the $30,000 version cracks as many iPhones as you would like.

MORE: Get Ready for a Huge iPhone 9 This Fall

For a six-digit passcode, it takes the device around three days to crack a single iPhone, but weaker numerical passcodes can be cracked in under two hours. Long alphanumerical passcodes will in all likelihood take much longer than three days to crack.

GrayKey. Credit: MalwareBytes

(Image credit: GrayKey. Credit: MalwareBytes)

In 2016, the FBI demanded that Apple specially write new code so that the agency could get into an iPhone used by one of the married shooters in the San Bernardino terrorist attack. Apple refused, which resulted in a long and ugly battle between Apple and the FBI over user privacy, which the FBI ultimately dropped when Apple wanted to let it go to court and the FBI found a (possibly Israeli) company that could get into the shooter's phone.

Ultimately, Apple may be able to patch whatever exploit GrayKey is using to crack iPhones. (The device seems to bypass Apple's restrictions on the number and frequency of wrong passcode entries.) But as Motherboard's full report (which you should read here) shows, law-enforcement agencies want to retain their (perfectly legal, with a warrant) access to suspects' mobile devices to aid in investigations, and the people over in Cupertino might not be too happy about that.

  • jwymanm
    Governments work for us the people. Not themselves.
    Reply
  • pikoneal
    I don't understand what you mean by this comment.
    Reply
  • no1kilo
    Government meaning the political parties and by extension the crooks are attempting, for personal gain, to use the power and authority of title and office for unscrupulous activity. The government is of the people, by the people, and for the people, which means the government's purpose is for us by us not for them by them.
    Reply
  • kenn.sangster
    Four score and seven years ago.......blah, blah, blah....please explain the relevance of your comments; as its seems the governments in the articles using it to enforce the law. Specifically, the FBI needed access to locate evidence of a terrorist attack....so to your comments without context, I say again, blah, blah, blah, blah.....
    Reply
  • no1kilo
    The cops are not enforcing the law. A warrant is needed to access a phones data and by getting a backdoor key to unlock phones they bypass the warrant requirement. The only way a backdoor key would be viable is if that key is issued as needed by a Judge. Any system of unlocking data in police control opens the door to abuse is the worst way. No government official beyond a Judge should have that tool at their disposal since they are habitual liars and frequently overreach, often for personal gain.
    Reply