Apple Vs. GrayKey: Leaked Emails Expose The Fight For Your iPhone Privacy

This article is more than 5 years old.

In the fight over digital privacy, Apple is forever adding layer upon layer of security to its iPhones. For most users, Apple’s approach is a great boon, keeping all their information away from thieves and hackers. But for America’s cops, it’s causing a headache, preventing them from getting into iPhones where they could find valuable and timely information. That’s why police are increasingly turning to private contractors like GrayShift, which Forbes uncloaked earlier this year as it promised to hack its way into the latest Apple cellphones.

Is either side winning? From emails leaked to Forbes, and in conversations with police officials, it would appear at first glance that Apple’s latest updates to its iOS operating system truly have stymied the cops and their GrayKeys. But, at the same time, police still have a way to hack into iPhones, even the latest models, the emails show. The messages were shared by an anonymous source who had access to a private email list subscribed to by members of the police and digital forensics communities.

The great cat and mouse game

First came Apple’s move. With this month’s release of the latest version of iOS, 11.4.1, the company made it more difficult for cops and thieves alike to get through the lockscreen. The iPhone maker did that by releasing a feature called USB Restricted Mode. When turned on, the feature ensures an iPhone that has gone one hour without being unlocked cannot transfer data to any computer it is connected to via USB unless a passcode is entered.

For law enforcement, this is problematic. Typically, anyone looking to break past the passcode protections on an iPhone has to attach it via the Lightning port to a computer or specialist hardware that tries to obtain the passcode. An example of such hardware is the GrayKey tool, first revealed by Forbes in March, when it emerged the tool’s creator Grayshift was cofounded by an ex-Apple security employee. But getting an iPhone from a crime scene to a place where devices like GrayKey can start trying to crack open the device often takes longer than an hour. And, once connected, the cracking process may take much longer than that timeframe.

Hence real frustration for American investigators. In one email, dated July 19, a detective at the Oklahoma City Police Department wrote: “We have run into our first phone with 11.4.1 yesterday and it’s confirmed. Plugging the device into the GrayKey results in the phone signalling that it’s charging but the GrayKey does not recognize that a phone is plugged into it.” That appeared to contradict previously-reported claims from GrayShift that GrayKey was unaffected by Apple’s update, though Vice Motherboard's Joseph Cox told Forbes the same detective informed him "an update fixed the issue," indicating GrayShift had yet again found a way around Apple's tech. (The emails also revealed Oklahoma City’s police department as one of many U.S. agencies that have bought into GrayShift’s product. That was later confirmed in a $15,000 purchase order shared with Forbes by the department.)

But the emails also showed that while Apple’s added security works, at least some cops have a proven way to bypass USB Restricted Mode.

After the Oklahoma City detective’s comment, forensics professionals on the email thread started discussing a way to circumvent USB Restricted Mode, as recently revealed by Russian company Elcomsoft. The bypass is remarkably simple: connecting an iPhone to an accessory device, such as a $39 Apple camera adapter, will reset the one-hour timer. Imagine a police officer obtains an iPhone from a suspect. If the detective has an accessory to hand, they can continually connect it to the iPhone and reset the timer, ensuring it won’t lock itself down, as long as it hasn’t already gone into restricted mode.

One staffer at the Santa Clara County Crime Lab wrote that someone in one of his forensics classes had confirmed the Elcomsoft bypass worked. Such classes are only for police and prosecutors, showing government agents know about and are actively testing the hack.

It appeared GrayShift wasn’t happy about law enforcement discussing its tools in such forums. David Miles, chief executive officer at GrayShift, eventually chimed in, asking members of the email service to contact the company directly if they wanted to learn more about GrayKey's capabilities.

Miles hadn’t responded to a request for comment at the time of publication. His company has been attracting all manner of buyers from across local and federal government, from New York narcotics cops to the Coast Guard.

Apple declined to comment.

It remains unclear whether or not the iOS hacking tools of Israeli company Cellebrite, the biggest provider of cellphone forensics tools to the U.S., have been affected by Apple’s update. Cellebrite also declined to comment at the time of publication.

Patchy competence

Not all law enforcement bodies are benefiting from the private hacking tools available to them. In recent cases, cops have struggled to open iPhones. Take, for instance, an FBI case in Nebraska. In a search warrant obtained by Forbes and dated July 24, the investigating officer complains that it wasn’t possible to access an iPhone 6 in a bank robbery probe. In a frank observation, the FBI agent said that he tried to download information from the phone, but the “password decode would take 28 years.” Was this a failure of GrayKey tech? Did the agent even have access to GrayShift’s tool? The Nebraska FBI office declined to comment.

A source at the FBI told Forbes that even if Apple’s updates had locked police out of the latest iOS, there was a significant backlog that could be opened with the GrayKey. With this new capability, officers are now sorting through which iPhones are of critical importance. There appear to be enough running older, less secure versions of Apple’s software that the GrayKey can still unlock.
