U.S. Law Enforcement Agencies Snatch up New Tools to Crack iPhones

More and more law enforcement agencies across the U.S. are getting their hands on a device that can break into iPhones, a new investigative report suggests.

That device is called GrayKey. It’s a small, relatively unobtrusive box and is fairly inexpensive. But, when connected to an iPhone, GrayKey can reportedly crack the device’s notoriously secure encryption. It even works on the latest Apple flagship, the iPhone X, running the latest versions of iOS 11.

And according to a new report by Motherboard, GrayKey is finding its way across the country. A number of local and regional police forces — including several in Maryland, Indiana, and Florida — have either purchased the device or are thinking about buying it.

Federal agencies are also working to get GrayKey devices, Motherboard revealed. The U.S. State Department already has one, while the DEA, FBI and Secret Service are all looking into acquiring their own. The latter agency is reportedly planning on buying at least six GrayKey boxes.

The publication acquired this information based on public records requests, online documents and conversations with law enforcement officials.

What Is GrayKey?

GrayKey is a small box developed by a company called Grayshift. Based out of Atlanta, the firm is run by former intelligence agency contractors and even has an ex-Apple security engineer on its staff, Forbes reported.

While reports about Grayshift first swirled around the internet in early March, our first look at the firm’s flagship iPhone bypass device came about in a Malwarebytes report on March 15.

The device is a small, unassuming gray box with two Lightning connectors attached to it. When hooked up to an iPhone, GrayKey installs proprietary software that can guess the iPhone’s passcode in just a few hours.

It can reportedly crack any iPhone model running iOS 10 or 11, with iOS 9 support on the way. But the exact method it uses to bypass the encryption is unknown.

Grayshift has taken to marketing the device to law enforcement and intelligence agencies across the globe — and the firm is doubling down on the relatively affordable price point. For $30,000, Grayshift is promising a law enforcement agency “unlimited” offline iPhone unlocks.

Apple and Encryption

The reported proliferation of GrayKey is only the latest development in a long-standing debate about the future of encryption and law enforcement.

At the International Conference on Cyber Security, FBI Director Christopher Wray said that U.S. law enforcement entities are “increasingly unable” to access data on encrypted devices. With GrayKey, however, that might not strictly be true.

While a boon for law enforcement agencies, GrayKey has some serious privacy implications — particularly if a device were to fall into the wrong hands. It’s also currently unknown how or to whom Grayshift is selling its device.

Apple is well-known for its strong commitment to user privacy — which famously culminated in a dustup with the FBI over a request to create a backdoor tool that could unlock iPhones.

The Cupertino tech giant regularly works to patch security holes such as this. Of course, because the exact method that GrayKey uses to crack iPhone encryption isn’t known, it might be a while before Apple can figure out how to mitigate it.

As we’ve written before, the average iPhone user probably has nothing to worry about. But it may still be important to realize that our beloved Apple devices may not be as hack-proof in the near future.