Advertisement

Police across the US are buying an affordable iPhone cracker

It reportedly works even on the iPhone X and iOS 11.

More and more authorities in the US are getting access to an affordable device that can unlock iPhones, according to Motherboard. The publication's investigation has revealed that a number of local and regional police forces, including Maryland's and Indiana's, have either already bought or are thinking of buying a new piece of iPhone-cracking technology called GrayKey. It reportedly works even on phones running iOS 11, Apple's latest mobile platform, and even if authorities are using it on an iPhone X. Motherboard says the State Department already has one of its own, while the Secret Service and the Drug Enforcement Administration are planning to buy some.

Based on an earlier report by Malwarebytes, GrayKey is a small box that can unlock two iPhones at a time. (See the two connectors in the image of the device below?) It was developed by Atlanta company Grayshift, which is run by long-time US intelligence agency contractors and a former Apple security engineer, according to Forbes. To use GrayKey, all cops need to do is connect a phone to it for two minutes. They simply have to wait a bit after it's unplugged to see a black screen pop up with the passcode -- how long they'd have to wait depends on how complex the passcode/passphrase is.

[Image credit: Malwarebytes]

But more than being easy to use, it's incredibly affordable for what it can do. If you'll recall, the feds paid Israeli company Cellebrite $900,000 to crack open the San Bernardino shooter's iPhone after Apple repeatedly refused to do it for them. Currently, Cellebrite unlocks phones for at least $5,000 each, but even that amount is comparably enormous to how much cops have to spend for every GrayKey unlock.

There are two GrayKey variants available: one will set government agencies back $15,000, while the other will cost them $30,000. They can use the more expensive of the two to unlock as many iPhones as they want. The cheaper version has a limit of 300 devices, but even that isn't so bad when you do the math -- that's only $50 per device.

FBI chief Christopher Wray called encryption a "major public safety issue" when he revealed that the bureau couldn't get to the evidence stored in 7,775 devices it failed to access the previous year. It's unclear whether they already ran the iPhones in that pile through a GrayKey, but (short of telling tech giants to add a backdoor to their devices) he urged companies to work with the government in creating a way to access phones owned by suspects.

So, why are authorities still calling for a backdoor when devices like GrayKey already exist? As Motherboard points out, phone-cracking devices exploit security holes, which Apple, Google and other phonemakers can patch up anytime. A backdoor would ensure they can access data whatever the device is and even if it's running the latest mobile OS.