Slashdot Mirror

← Back to Stories (view on slashdot.org)

Documents Prove Local Cops Have Bought Cheap iPhone Cracking Tech (vice.com)

Posted by msmash on from the iPhone-is-not-so-secure-after-all dept.

GrayShift is a new company that promises to unlock even iPhones running the latest version of iOS for a relatively cheap price. From a report: In a sign of how hacking technology often trickles down from more well-funded federal agencies to local bodies, at least one regional police department has already signed up for GrayShift's services, according to documents and emails obtained by Motherboard. As Forbes reported on Monday, GrayShift is an American company which appears to be run by an ex-Apple security engineer and others who have long held contracts with intelligence agencies. In its marketing materials, GrayShift offers a tool called GrayKey, an offline version of which costs $30,000 and comes with an unlimited number of uses. For $15,000, customers can instead buy the online version, which grants 300 iPhones unlocks.

This is what the Indiana State Police bought, judging by a purchase order obtained by Motherboard. The document, dated February 21, is for one GrayKey unit costing $500, and a "GrayKey annual license -- online -- 300 uses," for $14,500. The order, and an accompanying request for quotation, indicate the unlocking service was intended for Indiana State Police's cybercrime department. A quotation document emblazoned with GrayShift's logo shows the company gave Indiana State Police a $500 dollar discount for their first year of the service. Importantly, according to the marketing material cited by Forbes, GrayKey can unlock iPhones running modern versions of Apple's mobile operating system, such as iOS 10 and 11, as well as the most up to date Apple hardware, like the iPhone 8 and X.

50 of 101 comments (clear)

  1. FBI feigning incompetence? by VeryFluffyBunny · · Score: 4, Interesting

    So now that the cat's officially out of the bag, are all these calls for backdoors and special access by the FBI simply PR? I wonder how many years they've sat on this, without telling anyone, and without helping law enforcement solve crimes? It would seem that the FBI has lost sight of its primary objective, i.e. public safety.

    --
    Debate is a form of harassment. Do not question my truth.
    1. Re:FBI feigning incompetence? by Anonymous Coward · · Score: 1

      I guess FBI just wanted a free, 1st party cracking solution. That's what they were crying about. Law enforcement went ahead after payment of a non official solution.

    2. Re:FBI feigning incompetence? by plover · · Score: 3, Interesting

      The FBI is mostly whining because they want on-line real-time undetectable wiretapping. Cracking open a locked phone is no different than gaining a warrant and taking the phone in the first place - the suspect is aware that his phone has been taken (or is dead), and it usually happens only after a serious crime has been committed and the suspect has been identified. I have no problem with police using tools to examine evidence after a crime has been committed.

      But demanding flawed cryptographic algorithms, on the other hand, permit drift-net trawling of everyone's phones. Did you text someone about the weapon or the assassination plot? These crimes can now be thwarted before the victims are injured -- look, our pre-crime unit saves lives! But the drift-nets don't discriminate, and gather information about misdemeanor or non-criminal activity, too: small drug sales, shoplifting, or in the case of the Cheetohead-in-charge, researching climate change, donating to Hillary, or badmouthing Putin.

      If anything, the current administration is so corrupt that the FBI themselves should be putting on the brakes, saying "no, we don't even want the tools to exist since you're just going to use them to ask us to further violate the Constitution for you."

      --
      John
    3. Re:FBI feigning incompetence? by Anonymous Coward · · Score: 1

      The FBI went through the proper procedures when it requested and received a search warrant so they could access the phone of a dead terrorist. The terrorist didn't even own the phone and the owners gave the FBI permission to unlock the phone in question. Apple refused the court order saying that it was an expensive insurmountable technical challenge requiring Apple to use to many resources. Apple's refusal was a marketing campaign aimed at making consumers think their iPhones were secure and that Apple would never aid any law enforcement agency to intrude on the users privacy.

      A few days later the FBI proved went with a 3rd party solution and in the process made Apple look like a bunch of opportunistic bullshit artists.

    4. Re:FBI feigning incompetence? by omnichad · · Score: 3, Insightful

      Except if Apple knew about the backdoor, they probably would have patched it by now. The FBI likely knew of the third party utility all along but just wanted to make security seem unpatriotic.

    5. Re:FBI feigning incompetence? by Bing+Tsher+E · · Score: 1

      Or it was a marketing stunt by Apple. Their loud and bellicose refusal was definitely used for vigorous marketing.

    6. Re:FBI feigning incompetence? by AHuxley · · Score: 1

      Yes they are. The tech exists for different generations down to the city and state funded federal task forces.
      The only trick is to keep the tech message out that its all NSA, GCHQ complex for every new generation of big brand product.
      The its safe for criminals and police under internal affairs investigations to keep testing their communications and GPS devices.

      --
      Domestic spying is now "Benign Information Gathering"
    7. Re:FBI feigning incompetence? by plover · · Score: 2

      No cop is going to bother going through the legal means when nobody supervises the use of the tool.

      The nice thing is that the cops are buying license packages, so there is a supervisor - the company licensing the tool is counting every phone decrypted. Once the cops open 300 phones, they have to pony up for the next batch of phones. This means they're limited by money: they won't open a phone unless there's a reasonable expectation that it'll pay off. That will significantly slow down the "let's snoop on every phone" approach.

      --
      John
    8. Re:FBI feigning incompetence? by Mal-2 · · Score: 1

      If they go over 300 phones, they have to buy a second batch. If they exceed 600, they'll spring for an unlimited package and the incremental cost of cracking a phone will go away. Or, they'll throw in with their county or nearby cities and operate out of a single unlimited account. $30,000 a year is not a large amount for a police force. That's less than two cars (they pay about $20k a car) and quite a bit less than the cost of one employee for that same year.

      The only reason for buying the smaller package is that they don't see a need for more than 300 uses in the next 12 months -- this time.

      --
      How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
  2. Thel hell? by DontBeAMoran · · Score: 4, Funny

    Documents prove local cops have bought cheap iPhone cracking technology.

    That's a totally irresponsible waste of the taxpayers money! I cracked mine THREE TIMES already without even trying! Just drop it on a concrete floor!

    --
    #DeleteFacebook
    1. Re:Thel hell? by ELCouz · · Score: 1

      I really like your name...in a sarcastic way... like your jokes.

  3. Sue their arse by mysidia · · Score: 5, Interesting

    GrayShift is an American company which appears to be run by an ex-Apple security engineer and others who have long held contracts with intelligence agencies.

    Seriously? That ex-security-engineer must be violating like 20 different agreements that Apple makes their employees that build their products sign, and here's hoping to see Apple press the charges for industrial espionage, get that ex-engineer in jail for 25 years and sue him for every $$ he and his company's worth.

    Taking innate knowledge and all the trade secrets you learned about your employer's product AND then using that to go to work creating or working for a company whose purpose is to subvert that product is almost as severe a breach of IP a product engineer can commit....

    1. Re:Sue their arse by Anonymous Coward · · Score: 5, Insightful

      Unless it's Apple's way of circumventing the public outcry they'd be suffering under if it was found out they don't actually believe in security for their users the way they've been saying. Seriously, my very first thought reading that sentence is, "Ah, Apple found a way to give the government what they wanted without getting blamed for it directly."

    2. Re:Sue their arse by pnutjam · · Score: 4, Insightful

      We'll see how quick apple is to patch this. It definitely shouldn't be out of their reach.

      --
      Cheap storage VM.
    3. Re:Sue their arse by Anonymous Coward · · Score: 1

      >Taking innate knowledge

      That word doesn't mean what you think it means.

    4. Re:Sue their arse by Anonymous Coward · · Score: 5, Insightful

      And if they DON'T patch it, and they DON'T go after their ex-employee for the damage they did to the security of their systems, then you can just take it to assume that Apply is complicit with their ex-employee and the government at undermining the safety and security of their customer's information.

  4. Access control circumvention should be illegal by Anonymous Coward · · Score: 3, Insightful

    if the DMCA doesn't outlaw this, it should be revamped to cover this

    outrageous

    1. Re:Access control circumvention should be illegal by Bing+Tsher+E · · Score: 1

      The DMCA does not apply to law enforcement operations.

  5. Greykey is probably a criminal company by Anonymous Coward · · Score: 4, Interesting

    If people keep their own copyrighted photos on their phones, then you're definitely circumventing access controls to copyrighted works when you crack a phone. Therefore, DMCA is an extremely relevant law with regard to Greykey.

    DMCA has exceptions for law enforcement, so if you're a cop then you're allowed to crack the DRM on peoples' photos. Here's that part:

    This section does not prohibit any lawfully authorized investigative, protective, information security, or intelligence activity of an officer, agent, or employee of the United States, a State, or a political subdivision of a State, or a person acting pursuant to a contract with the United States, a State, or a political subdivision of a State. For purposes of this subsection, the term âoeinformation securityâ means activities carried out in order to identify and address the vulnerabilities of a government computer, computer system, or computer network.

    This means that if Greykey is contracted by the cops, they're also allowed to circumvent the DRM. Ass is covered, similarly to what that Israeli service is rumored to do (where AFAIK they crack the DRM rather than provide a tool for the cops to do it themselves).

    The problem, though, is before the cracking: if they have a software product that they sell to cops, were they under contract when they developed it? If they weren't, then they defintely violated the law when they "manufacture[d] a technology, product, service, device, component, or part thereof" for circumvention.

    Furthermore, unless the cops contracted them to advertise their services, they might have been violating DMCA when they "import [or] offer to the public" that software product. I find it hard to believe that someone in government contracted them to sell the product to others in government. Maybe the FBI paid them to sell their software to local police, but we might as well make them show that in court, because I think the public would be fascinated to see that contract. Congress would like to see that contract too.

    But the manufacturing violation is less iffy. They'll almost certainly get busted by a judge, if you can get 'em to the judge.

    Someone (anyone who has an iPhone and has used the camera) should sue them, so that we can get a judge to decide this stuff.

    1. Re:Greykey is probably a criminal company by q4Fry · · Score: 1

      We should arrest their principals and see where it leads. Follow the money, as they say. This is definitely illegal and needs to be shut down.

      Who is this "we?" Do you think the LEOs in Georgia (where Forbes says Greyshift was founded) are going to be all gung-ho to take out the purveyors of their newest trick? You could try a citizen's arrest, but your chances of success are slim. The chances you are then targeted with a civil suit are not.

    2. Re:Greykey is probably a criminal company by Aighearach · · Score: 1

      Mostly good, but your mistake is with the word "for" in the construct, "for circumvention."

      Courts don't play word games, they're way stricter in how they use words than that. "For" in that case doesn't stick to any word you put next to it; it sticks to what they actually did. So it doesn't matter if you can describe their conduct as circumvention. You don't just then get to substitute the word circumvention instead of what they did.

      If they were manufacturing it to sell to law enforcement, or to use on behalf of law enforcement, then it was manufactured for law enforcement purposes. Courts are strict about how they use words, and word games are also sometimes strict in how they use words, but that doesn't imply that a Court is going to listen to word games.

      Also, if the statute says that law enforcement can do it, and you're claiming that somewhere else it says you actually can't help them do it because they used the word "circumvention" without modifiers, that's just not winnable. If you convince the Court that there is a conflict in the phrasing they don't say "you win," they look for a way to read it that is actually consistent and works. And here that is obvious; the exception applies to situations that legitimately involve law enforcement. So if you win the word game, you didn't win anything, the ruling would still be the same. You'd have to find some other reasonable, workable thing that Congress might have meant when they passed it, that if true would change the analysis. But this doesn't even make motions in that direction; it is obvious what Congress intended: Cops can do this, others can only do it if they're helping cops.

      The case where the Court would even listen to your argument about the timing of the contracts is if the government arrested you and charged you with making a circumvention tool, and you were saying, "I was only going to sell it to cops, I promise!" And having a contract with cops is only one way you might defend yourself. If you haven't sold it to anybody yet, then just having a spreadsheet showing sales to cops would be enough for you to win, absent other evidence of your intent.

      You did link to part of the DMCA, but only to make your post appear as if you had a clue. You didn't actually read it. If you did, you'd have seen that it doesn't just say "no manufacture," it goes on:

      (2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that—
      (A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
      (B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or
      (C) is marketed by that person or another acting in concert with that person with that person’s knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.

      So actually, if you're usually selling it to cops but once in awhile you accidentally sell it to a criminal you might still be fine under this section. But clearly if you're manufacturing it with the intent of selling it to the government, you're golden; you don't even need to lean on the law enforcement exception, because the primary purpose of the tech is to access a physical device connected to a criminal investigation, not a copyrighted work. It doesn't matter if the safe might contain a painting, that doesn't make picking the lock into a copyright issue.

      If your lawyer tried to raise these arguments, you'd not only lose, your lawyer would risk getting disbarred.

  6. And if the tool is so cheap? by OzPeter · · Score: 2

    I have previously heard cracking techniques described as "security vulnerabilities". Given the ludicrously cheap price of this GreyTool and the huge amount of cash in Apple's bank accounts if I was Apple I would be buying a copy (via assorted shell companies) and seeing how they work and then rolling the countermeasures back into their products. Doing so would be a great way to get cheap security research done for you.

    Alternatively Apple could show that the product doesn't work as advertised, or provide advice on how to mitigate its functionality by updating their "security best practices" document (that I am sure they have somewhere)

     

    --
    I am Slashdot. Are you Slashdot as well?
  7. Re:The Fourth Amendment by taustin · · Score: 4, Interesting

    They need possession of the phone. Which still requires the same probably cause or warrant it always has. This is no different than calling in a locksmith open a wall safe.

    Yawn.

  8. Re:We don't need to weaken encryption by Anonymous Coward · · Score: 1

    IF it is asking for your key, than it is not a valid warrant.

  9. Nazi sympathizers ... by Anonymous Coward · · Score: 4, Insightful

    So, I don't want to Godwin this entire thread, but quite honestly I view companies which do this as little better than Nazi Sympathizers.

    They don't care about the potential harm they do, they don't treat this on a case by case basis -- they're just providing a carte blanche tool to police.

    And, like all such people, I'm sure they're fairly indiscriminate about selling to the nastier countries with terrible track records on human rights.

    I bet there is little to no judicial oversight in how these tools are being used, because the police don't care for such things.

    Sorry, but making and selling tools like this should make you a target. You clearly don't give a damn about the finer details of when this is used and the impact to people's lives .. so why the fuck should we give a fuck about your life?

    There is no claim of "how was I to know" or "I was just following orders". This is straight up helping a totalitarian state for profit.

    Morally, I don't see the difference between these guys and the people who helped the Nazis.

    This is why there can never be backdoors for law enforcement. Fuck 'em all.

    1. Re:Nazi sympathizers ... by Bing+Tsher+E · · Score: 1

      I'd say that Apple is closer to being 'the nazis' than these folks. Or at least as close.

      Not that some stupid godwin reference matters.

      And why should people who don't use an iPhone give a fuck about any of the details of your life, since you brought that tone to the discussion?

  10. Then we should sue Apple by Anonymous Coward · · Score: 1

    For telling us it is secure.

    1. Re:Then we should sue Apple by Aighearach · · Score: 1

      For telling us it is secure.

      Unfortunately, words stated without modifiers are not presumed by the Courts to be impossible absolutes, but rather to be typical values of the word.

      So telling you it is secure, that means secure, as in the state something is in after an effort to secure it.

      Compare also, "my money is in a safe" to "my money is safe" and "your money is safe with us!" Safe means a lot of different things, there is no expectation that it always mean, "unblemished until the heat death of the Universe." If steps were taken to make it safe, now it is safe, to some real-world degree. Same for security. Your device has been secured. Sleep better, or not, your choice.

  11. I'll ask the question that nobody has asked..... by 8127972 · · Score: 2

    How do we know that any of this stuff actually works? For all anyone knows, these companies are selling smoke and mirrors.

    --
    This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
  12. Know where it came from? by CaptainDork · · Score: 2

    The fucking NSA, via ShadowBrokers.

    --
    It little behooves the best of us to comment on the rest of us.
  13. Re:Smartphones value:risk ratio doesn't jive by pnutjam · · Score: 1

    I prefer a tcp/ip stack. It's too tempting and all but assures any attack vectors will use it.

    I understand it much better then whatever communication stack is inside a dumb cell phone. As you said, they can still track your location, log your messages, phone calls, and metadata.

    --
    Cheap storage VM.
  14. Re:We don't need to weaken encryption by pnutjam · · Score: 3, Insightful

    I'd decrypt for a third party pledged to access only what the warrant is seeking. I don't think it's fair to decrypt and give blanket access for fishing expeditions.

    --
    Cheap storage VM.
  15. wussup coppers by AndyKron · · Score: 1

    LOL! I have a Samsung that doesn't have a single lock on it. I wonder how long and much money it would cost them to crack it?

  16. Re:We don't need to weaken encryption by Anonymous Coward · · Score: 1

    No, lets be clear here. Their warrant is to look at the encrypted data. It's not our problem if they can't understand what they are looking at, they had their right to look.

    The reason this matters is the we are not required to help the police understand what they are seeing. We don't need technology, I could just write gibberish on a piece of paper and put it in a filing cabinet.

    If a search warrant turns up my 2 year olds drawings that no one can understand, do I have to explain what that drawing is during a police search warrant? I think not.

    I could turn an electronic document into a physical one by laying out pennies in a grid similar to memory, heads is a 0, tails is a 1.
    If you execute a search warrant and find stacks of pennies in a grid on my floor, do I also have to explain to them what that means?

    A warrant is a right to search *NOT* understand. The understanding part is on them.

  17. Bought Cheap iPhone Cracking Tech by fahrbot-bot · · Score: 1

    Buyer beware. I imagine using cheap 3rd party stuff on the iPhone will void the warranty. But, to be fair, the official "iCrack" software from Apple is *super* expensive - and you have to get a reservation at an Apple store Genius Bar, wait in line, drop the phone off, talk to a guy with a goatee, etc ...

    --
    It must have been something you assimilated. . . .
  18. Re:The Fourth Amendment by AutodidactLabrat · · Score: 1

    No, your widow will get a rude shock when you try to shoot police.
    or do you think some unnamed U.N. Black-skinned jackboots will do it?

  19. Re:The Fourth Amendment by AutodidactLabrat · · Score: 4, Insightful

    No.
    It only requires that the Police lie to the judge.

  20. Re:We don't need to weaken encryption by Train0987 · · Score: 1

    What happens when they testify that your gibberish note is a terrorist plot written in code? Your smug grin and silence will help you a bunch then.

  21. Re:We don't need to weaken encryption by mark-t · · Score: 1

    If someone forgets their encryption key, that's on them. We keep hearing about how people need to be held strictly responsible for any slight misuse of firearms, so I think that applies in spades also to encryption. If you use it and cannot remember the key to allow the state to execute a valid warrant, sucks to be you unless you can prove that you are not defying the court.

    Are you suggesting that it entirely justified to throw people in jail for what they happen to *think*, regardless of what they may actually do, if what they happen to think does not happen to agree with what the law defines as acceptable?

    --
    File under 'M' for 'Manic ranting'
  22. The window of government snooping is closing fast by roxywuppy · · Score: 2

    Paid apps are next shit impossible to break as locked with quantum computers never unlocking ever, you bought what is coming with ignorance. Cops sucking the data from the phones of those they stopped like Chinese Communist caused this in the first place. Is there no part of American government not rock stupid?

  23. Re: Apple security was always flawed then by Anonymous Coward · · Score: 1

    So don't backup files to iCloud servers, that has nothing to do with the encryption on the phone. Also I will guess that many of the hacks they use will get fixed by Apple.

    However seeing things like this proves there is no way that Apple or probably any company could design a back door which only the "good guys" would have access to. Even without purposely built back doors, it's a constant fight to keep systems secure.

  24. Using knowledge that Apple willingly gave him by bagofbeans · · Score: 3, Interesting

    If he is making use of an Apple trade secret, especially if he has signed contracts to keep such confidential, then he is in violation.

    This is not a issue of having the right to continue the same work under different employment.

  25. Re:Smartphones value:risk ratio doesn't jive by Aighearach · · Score: 1

    Maybe I'm just not as Appy as you, but my mobile device has maps that I downloaded and control.

    It is probably because I'm educated enough to read a map that I know the difference between reading a map on an app I control, and reading a map on an app somebody else controls.

    If you don't know what freedom is or which decisions it comes from, instead of throwing away your phone maybe just stop pretending you care about freedom?

  26. Re:I'll ask the question that nobody has asked.... by Aighearach · · Score: 1

    One of the most generic examples that Courts bandy about in false advertising cases, and some types of fraud cases, is: "What if you sell a bunch of guns to the government, and they don't shoot?" That's the default example of selling something that doesn't do what it says it does.

    So the answer is, we know it works because they didn't get in trouble after selling it to the government!

    If you sell it to a private party, there is a lot more gray area about arguing what the device was for, and what the appropriate expectations were. But when you sell it to the Government, you're operating under the most cliched examples; the facts of your case will end up exactly matching the hypotheticals already considered in other cases. ;) Nobody is going to believe that you thought the Government wanted to buy it as a fancy paperweight; it is very easy to presume that you knew the Government was buying it to actually use it.

  27. Will Apple buy this? by neurocutie · · Score: 1

    So will Apple (or a suitable proxy/agent/front) for $30,000, buy this Greykey so it can plug the hole(s)?

  28. Low tech by DaMattster · · Score: 1

    I think it's just better to go low tech nowadays. I'd rather go back to a basic flip phone.

  29. Re:Smartphones value:risk ratio doesn't jive by Bing+Tsher+E · · Score: 1

    I'm glad all these children have smartphones though. It means they will never be any threat to my job. Nobody who grows up addicted to one will learn to code or be any good with real computing.

    But when you and your generation are old and ready to retire, the world will fall into a shambles.

  30. Re:We don't need to weaken encryption by Bing+Tsher+E · · Score: 1

    No, he's a good little Entemanns.

    It's better than being a Little Debian Snack Cake.

  31. Re:I'll ask the question that nobody has asked.... by AHuxley · · Score: 1

    NSA ANT catalog https://en.wikipedia.org/wiki/...
    Greek wiretapping case 2004–05 https://en.wikipedia.org/wiki/...–05
    SISMI-Telecom scandal https://en.wikipedia.org/wiki/... SISMI-Telecom scandal
    Operation Socialist https://en.wikipedia.org/wiki/... Operation Socialist
    The past is full of security services getting the trapdoors and backdoors and keys into nations telco systems.
    Can US city and state police with federal task forces and that extra funding afford the same in 2018?
    The telcos and big bands cannot secure their internal networks.
    The price for a city police force to play is the only question. Voice prints too :)

    --
    Domestic spying is now "Benign Information Gathering"
  32. Re: The Fourth Amendment by AutodidactLabrat · · Score: 1

    And the Black Panthers won so WELL didn't they?
    Oh, wait, your "Second Amendment Army" will crumble in minutes