New iPhone unlocking device could be used by law enforcement
Since the events of the San Bernardino shooter, governments and police agencies have been in search of technology capable of cracking locked iPhone’s, after Apple refused to cooperate with authorities in unlocking the shooters phone. Apple released a statement saying that cooperating with authorities by giving up the key to unlock their phone is a slippery slope they did not want to set any precedent for. While some felt Apple was aiding and abetting a felony, others saw the move as dangerous, threatening to compromise the security of law-abiding citizens.
However, a company called Grayshift has risen to climb to the top of mobile security, dethroning Apple from their moral high ground. The Georgia-based company announced a product called GrayKey, a new iPhone unlocker that circumvents Apple’s encryption. Grayshift was founded in 2016, and is a privately-held company with less than 50 employees. When GrayKey was announced, little was known about the product, as the website portal was password protected and only allowed entry after being screened for law enforcement affiliation. According to Forbes, the device is marketed toward in-house use at law enforcement offices or labs. The technology was developed after Grayshift hired a former Apple engineer.
The device is a gray box four-inches wide by four-inches deep and has two lighting cable connectors protruding from the front. Two iPhones can be connected at one time, and are plugged in for several minutes. After this, they are disconnected, and eventually they will display a black screen with the passcode, along with other various information. The exact time of how long it takes to crack the phone is not mentioned, but with longer passwords, it can take up to three days.
GrayKey comes in two different models. The first is a $15,000 option that requires an internet connection to function, and is enforced with geofencing, meaning once it is set up, it cannot work on any other network. The second option is a more expensive $30,000 model that requires no internet connection, and has an unlimited number of unlocks.
The GrayKey is a huge win for law enforcement, who will now be able to access any information on confiscated devices that may have evidence on them. However, there are implications that have the potential of affecting law-abiding citizens. There is the possibility of the unlimited model being stolen and sold on the black market. This would give criminals the ability to unlock and resell stolen phones, in addition to gaining access to high-value data on these phones.
There is also the concern of what happens to the phone after it is unlocked using the device. What if law enforcement unlocks a suspect’s phone, then returns it: is the phone now open to remote access? These questions are yet to be answered, but the underlying idea of this device undermines a very important aspect of the U.S. judicial system: suspects are innocent until proven guilty.
According to an investigation by Motherboard, they found that GrayKey is seeing widespread adoption by law enforcement agencies across the country. Regional police forces like the Maryland Police, the Indiana State Police, and the Miami-Dade County Police have all purchased or plan to purchase GrayKey devices. The Secret Service has said they plan to purchase “at least a half-dozen” devices, while the Drug Enforcement Agency and the State Department also have plans to purchase them.