FAQ | How Can the Government and Police Hack Into Locked iPhones?

There’s no question that the iPhone is one of the most (if not the most) secure smartphones worldwide, but that doesn’t mean it can’t be hacked.

Unfortunately, there are a few ways someone can hack into your iPhone and get your data. The bad news is that many law enforcement agencies and police departments have gotten their hands on these methods so they can retrieve information from basically anyone.

A prime example is the infamous GrayKey device, a small machine capable of cracking the passcode on your iPhone and retrieving all types of information.

For the most part, GrayKey has been a bit of a controversial mystery, but recently we’ve found more information about how it works.

Here’s what you need to know.

What’s GrayKey?

GrayKey is a hacking device developed by Grayshift, a company based in Atlanta that aims to help the government and police.

As Grayshift puts it, GrayKey is “a state-of-the-art forensic access tool that extracts encrypted or inaccessible data from mobile devices.”

What makes GrayKey so popular is that it actually is one of the best tools to hack into iPhones and Apple devices. So much so that it’s been reported to be used by police departments on several occasions.

If you believe this makes Android devices more secure, think again. Earlier this year, Grayshift announced that GrayKey would also work with “leading Android mobile devices,” like the Samsung Galaxy S20 and the Samsung Galaxy S9, although we wouldn’t call the latter a leading Android device anymore.

How Does GrayKey Work?

Until recently, we didn’t have many details on how the police can use GrayKey to hack into locked iPhones. Grayshift had done a pretty good job keeping the process to itself. But a recently leaked document showcases how GrayKey can use a brute force method to access any iPhone.

These documents were allegedly written by the San Diego Police Department.

According to these documents, once you plug GrayKey into an iPhone, it’ll detect the alphanumeric passcode and try to install an agent that will use a text file with over 63 million passwords until it finds the passcode to unlock the iPhone. This process could take a really long time. According to the leaked document, this process can take up to 183 days to process the entire list. That’s why we recommend you stop using these easy-to-guess iPhone passcodes.

What’s even cooler—or should we say scarier—is that the analyst using GrayKey could also install something the leaked documentation calls hideUi, an app that will secretly run on a person’s iPhone and record the user’s passcode. That way, if the GrayKey analyst can’t hold the iPhone or iPad for a long enough time, they have another way to find out the suspect’s passcode.

Apple vs. GrayKey

Apple has been in somewhat of a cat-and-mouse game with Grayshift. Apple has been working really hard to make the iPhone’s security stronger so GrayKey can’t hack it, but Grayshift has always found ways to GrayKey work.

Privacy and making sure your data stays private has always been one of Apple’s goals, so the company is always looking for ways to lock GrayKey out.

Back in 2018, there was news that Apple apparently managed to “kill” GrayKey since it couldn’t hack into the iPhone X anymore. Police Captain John Scherwin from the Rochester Police Department in Minnesota said that we should “Give it time and I am sure a workaround will be developed, and then the cycle will repeat. Someone is always building a better mousetrap, whether it’s Apple or someone trying to defeat device security.” And lo and behold, he was right.

Even though no one knew how Apple did it, Grayshift found a way to keep hacking iPhones and iPads with GrayKey. A recent example is a case in 2019 where the FBI supposedly used GrayKey to access an iPhone 11 Pro when investigating Baris Ali Koch, who was helping his brother escape the US.

Will GrayKey Ever Stop Working?

In a word, unlikely. As Captain Scherwin said, there will always be a way for someone to hack into any smart device – there are always workarounds. However, Apple might find a way to stop GrayKey from working temporarily. There have been rumors about a portless iPhone that’s coming in the near future. If that’s true, it’s possible that GrayKey won’t work since there would be no way to plug it in. Even though this might be more of a temporary solution for Apple, it’ll be one way for people to keep their data private, even from the government.