Cops Cracking iPhones Across the Country with GrayKey

An increasing number of police departments and federal authorities have bought devices that can unlock iPhones, according to a report from Motherboard. Using public-records requests, Motherboard determined that both local and regional police forces obtained units of a machine called GrayKey, and that the State Department has GrayKeys as well.

Credit: Tom's GuideCredit: Tom's Guide

Specifically, Motherboard names the Maryland and Indiana State Police, Miami-Dade police and the U.S. State Department as having purchased the device. Many others, including the Drug Enforcement Administration and other local polices forces, have received purchase quotes or have sent emails showing interest in purchasing it. The FBI refused to disclose to Motherboard whether it had purchased the machine.

GrayKey was detailed on the MalwareBytes blog back in March and works on iPhones, including the most recent iPhone 8 and iPhone X, up to at least iOS 11.2.5. (Whether it works with later versions of iOS is unknown.) A $15,000 version of GrayKey requires an internet connection and allows 300 unlocks, while the $30,000 version cracks as many iPhones as you would like.

MORE: Get Ready for a Huge iPhone 9 This Fall

For a six-digit passcode, it takes the device around three days to crack a single iPhone, but weaker numerical passcodes can be cracked in under two hours. Long alphanumerical passcodes will in all likelihood take much longer than three days to crack.

GrayKey. Credit: MalwareBytesGrayKey. Credit: MalwareBytes

In 2016, the FBI demanded that Apple specially write new code so that the agency could get into an iPhone used by one of the married shooters in the San Bernardino terrorist attack. Apple refused, which resulted in a long and ugly battle between Apple and the FBI over user privacy, which the FBI ultimately dropped when Apple wanted to let it go to court and the FBI found a (possibly Israeli) company that could get into the shooter's phone.

Ultimately, Apple may be able to patch whatever exploit GrayKey is using to crack iPhones. (The device seems to bypass Apple's restrictions on the number and frequency of wrong passcode entries.) But as Motherboard's full report (which you should read here) shows, law-enforcement agencies want to retain their (perfectly legal, with a warrant) access to suspects' mobile devices to aid in investigations, and the people over in Cupertino might not be too happy about that.

Create a new thread in the iPhone forum about this subject
5 comments
Comment from the forums
    Your comment
  • jwymanm
    Governments work for us the people. Not themselves.
  • pikoneal
    I don't understand what you mean by this comment.
  • no1kilo
    Government meaning the political parties and by extension the crooks are attempting, for personal gain, to use the power and authority of title and office for unscrupulous activity. The government is of the people, by the people, and for the people, which means the government's purpose is for us by us not for them by them.