Slashdot Mirror
Documents Prove Local Cops Have Bought Cheap iPhone Cracking Tech (vice.com)
GrayShift is a new company that promises to unlock even iPhones running the latest version of iOS for a relatively cheap price. From a report: In a sign of how hacking technology often trickles down from more well-funded federal agencies to local bodies, at least one regional police department has already signed up for GrayShift's services, according to documents and emails obtained by Motherboard. As Forbes reported on Monday, GrayShift is an American company which appears to be run by an ex-Apple security engineer and others who have long held contracts with intelligence agencies. In its marketing materials, GrayShift offers a tool called GrayKey, an offline version of which costs $30,000 and comes with an unlimited number of uses. For $15,000, customers can instead buy the online version, which grants 300 iPhones unlocks.
This is what the Indiana State Police bought, judging by a purchase order obtained by Motherboard. The document, dated February 21, is for one GrayKey unit costing $500, and a "GrayKey annual license -- online -- 300 uses," for $14,500. The order, and an accompanying request for quotation, indicate the unlocking service was intended for Indiana State Police's cybercrime department. A quotation document emblazoned with GrayShift's logo shows the company gave Indiana State Police a $500 dollar discount for their first year of the service. Importantly, according to the marketing material cited by Forbes, GrayKey can unlock iPhones running modern versions of Apple's mobile operating system, such as iOS 10 and 11, as well as the most up to date Apple hardware, like the iPhone 8 and X.
This is what the Indiana State Police bought, judging by a purchase order obtained by Motherboard. The document, dated February 21, is for one GrayKey unit costing $500, and a "GrayKey annual license -- online -- 300 uses," for $14,500. The order, and an accompanying request for quotation, indicate the unlocking service was intended for Indiana State Police's cybercrime department. A quotation document emblazoned with GrayShift's logo shows the company gave Indiana State Police a $500 dollar discount for their first year of the service. Importantly, according to the marketing material cited by Forbes, GrayKey can unlock iPhones running modern versions of Apple's mobile operating system, such as iOS 10 and 11, as well as the most up to date Apple hardware, like the iPhone 8 and X.
So now that the cat's officially out of the bag, are all these calls for backdoors and special access by the FBI simply PR? I wonder how many years they've sat on this, without telling anyone, and without helping law enforcement solve crimes? It would seem that the FBI has lost sight of its primary objective, i.e. public safety.
Debate is a form of harassment. Do not question my truth.
That's a totally irresponsible waste of the taxpayers money! I cracked mine THREE TIMES already without even trying! Just drop it on a concrete floor!
#DeleteFacebook
GrayShift is an American company which appears to be run by an ex-Apple security engineer and others who have long held contracts with intelligence agencies.
Seriously? That ex-security-engineer must be violating like 20 different agreements that Apple makes their employees that build their products sign, and here's hoping to see Apple press the charges for industrial espionage, get that ex-engineer in jail for 25 years and sue him for every $$ he and his company's worth.
Taking innate knowledge and all the trade secrets you learned about your employer's product AND then using that to go to work creating or working for a company whose purpose is to subvert that product is almost as severe a breach of IP a product engineer can commit....
if the DMCA doesn't outlaw this, it should be revamped to cover this
outrageous
I own 6 guns that the government knows nothing about. They're going to get a pretty rude shock if they try to break down my door.
If people keep their own copyrighted photos on their phones, then you're definitely circumventing access controls to copyrighted works when you crack a phone. Therefore, DMCA is an extremely relevant law with regard to Greykey.
DMCA has exceptions for law enforcement, so if you're a cop then you're allowed to crack the DRM on peoples' photos. Here's that part:
This means that if Greykey is contracted by the cops, they're also allowed to circumvent the DRM. Ass is covered, similarly to what that Israeli service is rumored to do (where AFAIK they crack the DRM rather than provide a tool for the cops to do it themselves).
The problem, though, is before the cracking: if they have a software product that they sell to cops, were they under contract when they developed it? If they weren't, then they defintely violated the law when they "manufacture[d] a technology, product, service, device, component, or part thereof" for circumvention.
Furthermore, unless the cops contracted them to advertise their services, they might have been violating DMCA when they "import [or] offer to the public" that software product. I find it hard to believe that someone in government contracted them to sell the product to others in government. Maybe the FBI paid them to sell their software to local police, but we might as well make them show that in court, because I think the public would be fascinated to see that contract. Congress would like to see that contract too.
But the manufacturing violation is less iffy. They'll almost certainly get busted by a judge, if you can get 'em to the judge.
Someone (anyone who has an iPhone and has used the camera) should sue them, so that we can get a judge to decide this stuff.
I have previously heard cracking techniques described as "security vulnerabilities". Given the ludicrously cheap price of this GreyTool and the huge amount of cash in Apple's bank accounts if I was Apple I would be buying a copy (via assorted shell companies) and seeing how they work and then rolling the countermeasures back into their products. Doing so would be a great way to get cheap security research done for you.
Alternatively Apple could show that the product doesn't work as advertised, or provide advice on how to mitigate its functionality by updating their "security best practices" document (that I am sure they have somewhere)
I am Slashdot. Are you Slashdot as well?
The risk of being surveilled, robbed, and redirected is too high. You want maps? Learn to fucking read one. You want chat, do that after you park your fucking car. Anyone who cares about freedom or privacy shouldn't own a smartphone. I use a phone that doesn't have have a TCP/IP stack and all it can do is text and call. Even that is too much since the phone company can and does track your position. Fuck a smartphone. I don't care what convenient features it has. I'm glad all these children have smartphones though. It means they will never be any threat to my job. Nobody who grows up addicted to one will learn to code or be any good with real computing. The smartphone fucking ruins their little mind before it ever had a chance. Too bad there isn't a job for Angry Birds or Weechat champions, eh kids?
They need possession of the phone. Which still requires the same probably cause or warrant it always has. This is no different than calling in a locksmith open a wall safe.
Yawn.
IF it is asking for your key, than it is not a valid warrant.
So, I don't want to Godwin this entire thread, but quite honestly I view companies which do this as little better than Nazi Sympathizers.
They don't care about the potential harm they do, they don't treat this on a case by case basis -- they're just providing a carte blanche tool to police.
And, like all such people, I'm sure they're fairly indiscriminate about selling to the nastier countries with terrible track records on human rights.
I bet there is little to no judicial oversight in how these tools are being used, because the police don't care for such things.
Sorry, but making and selling tools like this should make you a target. You clearly don't give a damn about the finer details of when this is used and the impact to people's lives .. so why the fuck should we give a fuck about your life?
There is no claim of "how was I to know" or "I was just following orders". This is straight up helping a totalitarian state for profit.
Morally, I don't see the difference between these guys and the people who helped the Nazis.
This is why there can never be backdoors for law enforcement. Fuck 'em all.
For telling us it is secure.
You just want to throw out all the Bill of Rights huh? That should work out well for you.
These stories are just put up to try to fool you into thinking your privacy isn't raped every which way already.
Is slashdot really forgetting about the Snowden files?
EVERYthing EVERYbody does is monitored and recorded and analyzed. All of the big companies are in on it along with the federal government/military. If you know about the content of the Snowden files and still think they aren't mining this data to create propaganda through their media cronies you are MENTALLY RETARDED.
I think you are so very wrongheaded on this that its not even funny. Nothing anyone says could convince you otherwise. Are you seriously saying you have never forgotten a password for an old account?
If this is ever put into place I can only hope that you are stung by it yourself.
How do we know that any of this stuff actually works? For all anyone knows, these companies are selling smoke and mirrors.
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
The fucking NSA, via ShadowBrokers.
It little behooves the best of us to comment on the rest of us.
Sigh. They're not going to break down your door. They're going to bomb your house from the air; if they really want you dead. Quit thinking that you can resist today's military with a few rifles if they come knocking. They won't knock. Scared of tyranny? Better get an army base to see things your way.
I'd decrypt for a third party pledged to access only what the warrant is seeking. I don't think it's fair to decrypt and give blanket access for fishing expeditions.
Cheap storage VM.
LOL! I have a Samsung that doesn't have a single lock on it. I wonder how long and much money it would cost them to crack it?
Yeah, thats why they have chemtrails. You'll be in no position to fire a gun when they come a knockin. smart, not so smart.
Everybody knows you've got to boil vinegar eggs to free the radicals released by the mailman.
No, lets be clear here. Their warrant is to look at the encrypted data. It's not our problem if they can't understand what they are looking at, they had their right to look.
The reason this matters is the we are not required to help the police understand what they are seeing. We don't need technology, I could just write gibberish on a piece of paper and put it in a filing cabinet.
If a search warrant turns up my 2 year olds drawings that no one can understand, do I have to explain what that drawing is during a police search warrant? I think not.
I could turn an electronic document into a physical one by laying out pennies in a grid similar to memory, heads is a 0, tails is a 1.
If you execute a search warrant and find stacks of pennies in a grid on my floor, do I also have to explain to them what that means?
A warrant is a right to search *NOT* understand. The understanding part is on them.
Buyer beware. I imagine using cheap 3rd party stuff on the iPhone will void the warranty. But, to be fair, the official "iCrack" software from Apple is *super* expensive - and you have to get a reservation at an Apple store Genius Bar, wait in line, drop the phone off, talk to a guy with a goatee, etc ...
It must have been something you assimilated. . . .
I own 6 guns that the government knows nothing about.
... except for the drone that photoed your license plate at the shooting range.
the real news here ...
is not that they bought it. after all, everyone knows that if you build it, they will come.
the real news is that apple has rolled over on encrypted ios devices as of this latest ios update.
the real news is that apple still hasn't fixed it!
the real news is all you need is a modified rockstar cable, a raspberry pi and you too can brute force the unlock. Bypassing the hardware lock by simply sending the the correct byte code to the device. that, ladies and gentlemen of the jury, is the real news!
They know about them now that you blabbed about them.
Posting AC doesn't deter or hide from the government at all.
No, your widow will get a rude shock when you try to shoot police.
or do you think some unnamed U.N. Black-skinned jackboots will do it?
No.
It only requires that the Police lie to the judge.
If losing one security engineer can compromise your product security then your product security was flawed to begin with. It means that the algorithm and procedure are bullshit and that the entire security team was relying on security through obscurity.
Its simple, if your security procedures rely on the secretes staying in house and cannot handle a public or outside release then they just are not that secure to begin with. This also shows how badly apple is really run as this story has been out for a while and there was no immediate legal or PR action on apples behalf, sometimes the silence speaks louder than words.
What happens when they testify that your gibberish note is a terrorist plot written in code? Your smug grin and silence will help you a bunch then.
Are you suggesting that it entirely justified to throw people in jail for what they happen to *think*, regardless of what they may actually do, if what they happen to think does not happen to agree with what the law defines as acceptable?
File under 'M' for 'Manic ranting'
So, business as usual?
I bet you that's disputed. Where would this duty come from?
A warrant is a thing that causes a normally-illegal act committed by a law enforcement officer, to become legal. You're saying it creates an obligation for someone else, too? I'm skeptical.
But you might be right about that. This, though:
You are creating a new thing there. This would be a whole new type of law that America hasn't seen before. (U.K. has it, though.) I think we might want an election or constitutional amendment ratification on this one.
Paid apps are next shit impossible to break as locked with quantum computers never unlocking ever, you bought what is coming with ignorance. Cops sucking the data from the phones of those they stopped like Chinese Communist caused this in the first place. Is there no part of American government not rock stupid?
If he is making use of an Apple trade secret, especially if he has signed contracts to keep such confidential, then he is in violation.
This is not a issue of having the right to continue the same work under different employment.
I don't have the key.
It originally was set, by deadman switch, to randomize and message itself to someone, along with instructions to not contact me until the "unexpected duress" has passed.
You're chasing something you don't have access to, no matter how hard your tantrum legislates. You were too thick to understand that, so now I don't either.
Eventually you'll try to desperately criminalize the tool I used, but the underlying realities remain and some other canary fix will replace it. Raw compulsion is ultimately a voluntary act, and "because I said so" is the desperate cry of someone who has nothing else.
One of the most generic examples that Courts bandy about in false advertising cases, and some types of fraud cases, is: "What if you sell a bunch of guns to the government, and they don't shoot?" That's the default example of selling something that doesn't do what it says it does.
So the answer is, we know it works because they didn't get in trouble after selling it to the government!
If you sell it to a private party, there is a lot more gray area about arguing what the device was for, and what the appropriate expectations were. But when you sell it to the Government, you're operating under the most cliched examples; the facts of your case will end up exactly matching the hypotheticals already considered in other cases. ;) Nobody is going to believe that you thought the Government wanted to buy it as a fancy paperweight; it is very easy to presume that you knew the Government was buying it to actually use it.
Aren't you a good little Eichmann.
So will Apple (or a suitable proxy/agent/front) for $30,000, buy this Greykey so it can plug the hole(s)?
I think it's just better to go low tech nowadays. I'd rather go back to a basic flip phone.
Soon quantum will make the data safe unopenable and no force on earth will be able to do shit about it.
Everyone will be able to remain silent and enforce it. Yawn.
Mesh not TCPIP will rule.
No, he's a good little Entemanns.
It's better than being a Little Debian Snack Cake.
He's incorrect, you can be forced to unlock a biometric as it is something you have. But you can't be forced to confess a code, which is something you know.
NSA ANT catalog https://en.wikipedia.org/wiki/... :)
Greek wiretapping case 2004–05 https://en.wikipedia.org/wiki/...–05
SISMI-Telecom scandal https://en.wikipedia.org/wiki/... SISMI-Telecom scandal
Operation Socialist https://en.wikipedia.org/wiki/... Operation Socialist
The past is full of security services getting the trapdoors and backdoors and keys into nations telco systems.
Can US city and state police with federal task forces and that extra funding afford the same in 2018?
The telcos and big bands cannot secure their internal networks.
The price for a city police force to play is the only question. Voice prints too
Domestic spying is now "Benign Information Gathering"
Sarcasm? The silence and smugness would mean no conviction and freedom.
just do a charlie hebdo style visit to these ex apple employees, and exterminate them and their families and everything and everyone they hold dear
they will suddently stop making these tools if you make it scary enough
Shhhh OP here doesn't understand the meaning of circumstantial evidence
Exactly. What can rifles and guerrilla tactics do against a modern military? Just like those Russians crushed those stupid Afghan rebels within weeks with their tanks, helicopters and rockets...
And the Black Panthers won so WELL didn't they?
Oh, wait, your "Second Amendment Army" will crumble in minutes