The Federal Bureau of Investigation butted heads with Apple in 2016 and 2017 when the Cupertino company refused to build a backdoor into its iPhone handsets, which would allow law enforcement agencies to access locked devices at the expense of security for millions of iOS users. Fast forward to today and there’s a report that law enforcement now has access to an inexpensive software tool that accomplishes the same thing.
According to Motherboard, federal agencies and police forces across the country have been using a cheap tool called GrayKey thwart the encryption schemes of fully updated iPhone handsets. It even works on Apple’s most recent handsets, including the iPhone X running iOS 11, the most recent version of iOS. The software is being sold by a company called Grayshift, which offers two versions of GrayKey.
Security outfit Malwarebytes posted a picture of the actual device, which is a small box that measures 4 x 4 inches and has two Lightning cables sticking out of the front for connecting to iPhones.
“Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked. Some time later, the phones will display a black screen with the passcode, among other information,” Malwarebytes explains.
The length of time it takes to crack an iPhone varies by device—in some cases, it can be done in about two hours, and in other cases it can take several days for a six-digit passcode, Malwarebytes says. Longer passcodes presumably take even longer, though Grayshift’s documents don’t go into detail. However, the company does note that even disabled phones can still be unlocked.
Once unlocked, the contents of the filesystem get downloaded to the Graykey device, which law enforcement can access through a web-based interface. It’s not clear if Apple is taking any measures to break functionality with Graykey and other similar devices that might exist, but in the meantime, the fact that it works seems to weaken the government’s legal argument that Apple should be forced to build a backdoor.
“It demonstrates that even state and local police do have access to this data in many situations,” Matthew Green, an assistant professor and cryptographer at the Johns Hopkins Information Security Institute, told Motherboard. “This seems to contradict what the FBI is saying about their inability to access these phones.”
Interestingly enough, the FBI said last month that it was unable to unlock several thousand iPhone devices in its possession.