There Is No Going Dark: Another Vendor Selling Tool That Cracks All iPhones

from the FBI's-dystopian-fiction-develops-another-plot-hole dept

The FBI continues to push its “going dark” theory. It’s not interested in the truth. It would rather have a legislative mandate or a string of favorable court decisions than utilize options vendors have made available. These are the candles the FBI will forgo to publicly curse the darkness. A recent Inspector General’s report made it crystal clear: those charged with finding a way to crack open the San Bernardino shooter’s cell phone slow-walked their search in hopes of ending up with a judicial mandate forcing Apple to crack its own encryption.

The complaints about the darkness continue, even as vendors like Cellebrite have shown they can crack any iPhone given enough money and time. There are solutions out there, but the FBI doesn’t want them. Cellebrite isn’t the only company with an iPhone crack for sale. As Joseph Cox reports for Motherboard, another device has surfaced that can brute force its way past iPhone lock screens. The FBI may continue its disingenuous push for weakened encryption, but law enforcement agencies around the nation are more than willing to pay for a solution that doesn’t involve Congressional reps or federal judges.

Grayshift has been shopping its iPhone cracking technology to police forces. The firm, which includes an ex-Apple security engineer on its staff, provided demonstrations to potential customers, according to one email.

“I attended your demo presentation recently held at the Montgomery County Police Headquarters and was pleased by your product’s potential,” an Assistant Commander from the Technical Investigations Section at the Maryland State Police wrote in an email to Grayshift in March.

The GrayKey itself is a small, 4×4 inches box with two lightning cables for connecting iPhones, according to photographs published by cybersecurity firm Malwarebytes. The device comes in two versions: a $15,000 one which requires online connectivity and allows 300 unlocks (or $50 per phone), and and an offline, $30,000 version which can crack as many iPhones as the customer wants. Marketing material seen byForbes says GrayKey can unlock devices running iterations of Apple’s latest mobile operating system iOS 11, including on the iPhone X, Apple’s most recent phone.

According to documents obtained by Motherboard, multiple state and local law enforcement agencies have purchased Grayshift’s device. The documents also show many agencies expressing an interest in picking up a GrayKey, including some at the federal level, like the DEA and, oddly enough, the FBI. The FBI doesn’t appear to have acquired one yet, but if that’s the case, it’s lagging behind local PDs with less funding and tech expertise. It’s also trailing the State Department, which has already acquired at least one of the devices.

The device comes in two flavors: an online version with a fixed number of unlocks or an offline version that retails for twice as much ($30,000) but can be used as often as the purchaser wants (or until Apple fixes the vulnerability, whichever comes first). The brute force method deployed takes anywhere from 2 hours to several days, depending on passcode complexity.

“Going dark” is a convenient lie. The FBI has been deliberately misconstruing reality for a couple of years now, beginning with then-director James Comey’s coining of the phrase. Even while Comey was peddling his “going dark” theory to security researchers, Congressional reps, and federal judges, the FBI was rarely having trouble accessing device contents. In 2016, the FBI admitted it could access the contents of passcode-protected devices 87% of the time. Somehow, despite only incremental changes in encryption offerings, the small number of locked devices has grown from ~880 to over 7,000 in two years. This suggests FBI officials are more interested in generating a “going dark” narrative than actually deploying available tech to access contents of seized devices.

The existence of another device capable of cracking iPhone encryption should be good news for the FBI. Other law enforcement agencies apparently view this as a plus. The downside for those not employed by the government is that there’s a vulnerability in iPhones Apple hasn’t fixed yet. And, given the intense secrecy surrounding vendors of exploits, we have no idea how many governments have purchased iPhone-cracking devices. It’s unlikely Hacking Team is the only exploit vendor selling to authoritarian governments and UN-blacklisted countries. It’s just the only one to have been caught doing it. An exploit is an exploit and it will be used by the good and the bad.

Not that relegating it to “good” law enforcement agencies is necessarily a huge improvement. Authoritarian regimes may use tools like this to go after critics and stifle dissent, but let’s not forget the FBI has a long history of doing exactly the same thing under the guise of protecting public safety. And, at this point, the FBI isn’t being honest about its weapons stockpiles during this Crypto Cold War. Sure, it needs to retain some sort of tactical advantage — whether it’s pursuing bad guys or legislation — but it should never be granted full credibility when it talks about thousands of unlocked phones, the coming darkness, and how much security we should be forced to give up in the name of public safety.

Filed Under: , , , , , ,
Companies: apple, cellebrite, grayshift

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “There Is No Going Dark: Another Vendor Selling Tool That Cracks All iPhones”

Subscribe: RSS Leave a comment
Richard (profile) says:


The choice of the San-Bernardino case for this exercise is telling.

It was very high profile and nasty – allowing the FBI to tug strongly on the heart strings of anyone who might be tempted to oppose them. On the other hand the actual data they were looking for was pretty much moot – the perpetrators were dead – and anyone with a brain could tell that there were highly unlikely to be any unknown but direct associates out there that needed stopping from further atrocities.

Hence the process could safely be delayed whilst the court processes took place.

Anonymous Coward says:

Re: Interesting

They also destroyed their own personal phones and HDD. This other phone was a company phone. In the end, there wasn’t anything on it. They already got any data on Apple’s iCloud account. Apple does have the keys for that and does hand out that data.

This is another case where you should be using a longer passcode and turn on auto-wipe after so many failed attempts. A 4 digit code they can brute force pretty quickly, even 6 digits, doesn’t take much longer.

You do notice all this talk about breaking into iPhones, yet never hear about trying to breaking into Android phones. Seems security on those are a joke.

Anonymous Coward says:

Re: Re: Interesting

This is another case where you should be using a longer passcode and turn on auto-wipe after so many failed attempts. A 4 digit code they can brute force pretty quickly, even 6 digits, doesn’t take much longer.

There’s a retry timer that makes bruteforcing take a long time (doubling on each retry, so 2^1000 seconds for a 4-digit code). If they can get around that, they can get around "auto-wipe" too; they’re both features implemented in the firmware, because they’re no physical basis for either (i.e., the electrons are there, and with enough work the data they represent can be copied into hardware that gives unlimited fast retries).

Apple has tried to make it difficult to copy the data, so far with limited success. Look at the history of satellite smartcard hacking to see the future of this.

btr1701 (profile) says:

Re: Re: Re:

I’d hate to be the local PD that dropped $30,000 of its budget on one of these things only to have Apple fix the vulnerability a week later.

Now the chief has a $30,000 paperweight for his desk.

Next thing: Suing Apple and trying to hold them liable for damages for fixing exploits in their own software because it bricks these expensive work-arounds the cops are spending so much money on.


Re: Ever brag about how any DRM will be defeated?

This is the flip side of smugly declaring that no content protection mechanism like DRM will ever survive being attacked by a planet of hackers. The same principle applies to whatever is protecting your own personal files and your own personal communications.

Anonymous Coward says:

Re: Re: Ever brag about how any DRM will be defeated?

Kerckhoffs’s principle suggests otherwise: "A cryptosystem should be secure even if everything about the system, except the key, is public knowledge."

What DRM system has ever survived that? Lots of crypto algorithms have.

Obviously Apple needs to keep it in mind too. Their security code should have never been secret (it was recently leaked).

Mark Roy says:

True, for now, but ....

I don’t support encryption backdoors. But the argument that “going dark is a convenient lie” is only true in the short term, isn’t it?. I assume that Apple’s already working on plugging whatever holes are allowing these cracking tools to work. So, their usefulness will be short-lived, I expect.

Anonymous Coward says:

Re: True, for now, but ....

The whole going dark is a joke. People are throwing in Amazon Echo’s and Google Home Devices so they the GOvernment doesn’t even have to go into your house and plant mics, you’re doing it to yourself. You have Camera’s, which many of them they can gain access to.

If anything, they can spy on people easier these days than ever before. Going dark is a myth. Besides. 99% of the population shouldn’t give up their privacy, for the 1% of criminals they’re after.

Anonymous Coward says:

Re: True, for now, but ....

No, it’s true in the long term as well. There will always be an exploit. Tech is only as good as the humans that make it and humans are error prone and routinely make mistakes. Not to mention there is no way to test every conceivable possible chain of events that makes some of these exploits viable. Patch one exploit and eventually someone will come up with a new one to take its place.

There will always be a way in. The question is, will it be a door with a bright neon sign saying “I’m an easy target!” with a simple padlock on it, or will it require the equivalent of an Ocean’s 11 or Mission Impossible team, people with highly specialized skills and access to resources that your common thief and script kiddie doesn’t?

Anonymous Coward says:

Re: Re: Re: True, for now, but ....

Sorry for the confusion, I’m arguing for strong encryption (not “responsible” encryption). My comment was replying to the AC’s assumption that long term devices will go dark. That’s the idea but will never happen in reality as there will always be an exploit someone missed to take advantage of.

The door with the bright neon sign over it is representative of the encryption backdoors the FBI wants tech companies to put in. While the other option represents a lot of time and effort put in by dedicated hackers or state actors to try and find a way to break into a strongly encrypted device/system that may or may not be known or exist. One is dumb and stupid, the other is sadly a fact of life and tech development.

Anonymous Coward says:

Re: True, for now, but ....

The future is only “dark” in relation to the last 10 years. Before that, all this data that the FBI wants simply didn’t exist. Conversations were ephemeral, unless the phone was already tapped or the location was already bugged. People did not have photos of every waking hour, and did not create tens or hundreds of written messages per day. Most people were not saving unimportant decade-old data.

Anonymous Coward says:

Cracking an iPhone is easy

Go to the top of a tall building. Lean out over the railing. Yell “Look out below!” Drop iPhone over the railing. Climb down to sidewalk and retrieve cracked iPhone. Simple. Easy. Takes a few minutes, and no special skills or tools. For those in a particular hurry, a hammer can be used instead of a sidewalk, but care must be taken to strike the phone instead of the surrounding surface.

David says:

That's still going dark

Light means you can look where you want to and see. It doesn’t mean you can ask a judge to sign off on payment for flashing a light at a particular spot. This is mostly useless for mass surveillance and makes circumventing the Fourth Amendment (which declares darkness the default for government agencies rifling through personal assets) unreasonably cumbersome.

SteveMB (profile) says:

Targeted Investigation vs Mass Surveillance

There are all sorts of ways to get into private files if you’re willing to expend time and effort — hacks like GreyKey, spyware to caputre inputs and outputs outside the encryption envelope, hidden shoulder-surf cameras, etc.

There is thus no real “going dark” problem for the sort of *limited* access based on *individual suspicion* that the police are *supposed* to be doing. The problem is that the police want to be able to spy on everybody, and these techniques simply don’t scale up sufficiently to enable that.

Anonymous Coward says:

Let em in I say
Just makes the needle in the Haystack that much harder to find .
The Show must go on yes ?
No one no where is truly safe
Once they zero in on anyone person said persons life is basically over as they have hoovered up so much information they just need a target to unleash on.

Its like getting caught speeding , everyone does it just sucks to be you when randomly caught ,except here its not random when they target you and there is no fine and you go on your merry way .

So little hamsters keep going round on the wheel and
be ignorant of everything else out side your cage
cause your just where they want you to be ……..
chasing that cheeze

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...