Slashdot Mirror

← Back to Stories (view on slashdot.org)

State Department Seemingly Buys $15,000 iPhone Cracking Tech GrayKey (vice.com)

Posted by BeauHD on from the only-a-matter-of-time dept.

An anonymous reader quotes a report from Motherboard: Grayshift, a company that offers to unlock modern iPhones for as little as $50 each, has caused a buzz across law enforcement agencies, with local police already putting down cash for the much sought-after tech. Now, it appears a section of the U.S. State Department has also purchased the iPhone cracking tool, judging by procurement records reviewed by Motherboard. Grayshift's iPhone product, dubbed GrayKey, can unlock devices running versions of Apple's latest mobile operating system iOS 11, according to marketing material obtained by Forbes. An online version of GrayKey which allows 300 unlocks costs $15,000 (which boils down to $50 per device), and an offline capability with unlimited uses is $30,000. According to a recent post from cybersecurity firm Malwarebytes, which obtained leaked details on GrayKey, the product itself is a small, four inch by four inch box, and two iPhones can be connected at once via lightning cables. Malwarebytes adds that the time it takes to unlock a device varies depending on the strength of the user's passcode: it may be hours or days. Notably, Grayshift includes an ex-Apple engineer on its staff, Forbes reported.

On March 6, the State Department ordered an item from Grayshift for just over $15,000, according to a purchase order listing available on the U.S. government's public federal procurement data system. The listing is sparse on details, putting the order under the generic label of "computer and computer peripheral equipment." But Motherboard confirmed that the Grayshift in the State Department listing is the same as the one selling iPhone cracking tech: the phone number of the vendor in both the purchase order and documents Motherboard previously obtained detailing a GrayKey purchase by Indiana State Police is the same. The "funding office" for the Grayshift purchase was the Bureau of Diplomatic Security, according to the procurement records. The Bureau acts as the law enforcement and security arm of the State Department, bearing "the core responsibility for providing a safe environment for the conduct of U.S. foreign policy," the State Department website reads.

79 comments

  1. apple will just drop lightning cables in next phon by Joe_Dragon · · Score: 2, Funny

    apple will just drop lightning cables in next phone

  2. Hope they got a warrant otherwise dmca violation by Anonymous Coward · · Score: 0

    6 billion a pop damges offense according according the RIA.

  3. Re: Hope they got a warrant otherwise dmca violat by Anonymous Coward · · Score: 1

    Silly peasant thinking those laws apply to police.

  4. Strength of passcode? by mark-t · · Score: 2, Insightful

    What does it mean for a passcode to be particularly strong or weak when the passcode must be all digits and must be some fixed number of digits long?

    --
    File under 'M' for 'Manic ranting'
    1. Re: Strength of passcode? by Anonymous Coward · · Score: 3, Informative

      iOS allows indeterminant length pass phrases, you simply need to change a setting

    2. Re:Strength of passcode? by kilfarsnar · · Score: 4, Informative

      What does it mean for a passcode to be particularly strong or weak when the passcode must be all digits and must be some fixed number of digits long?

      It means that for the passcode to be stronger it needs to be longer. There is not a fixed number of digits, and the phone can be set to require you to tap OK after typing the passcode, so the number of digits cannot be determined.

      --
      "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
    3. Re:Strength of passcode? by Anubis+IV · · Score: 3, Informative

      I take it you’re unaware that alphanumeric passcodes have been supported since iOS 4? In iOS 11, you just need to tap the rather obviously named Passcode Options button when you go to change your passcode to bring up the options for formats other than the six-digit default.

    4. Re:Strength of passcode? by mark-t · · Score: 2

      I have an iPhone6+, running iOS11 and I cannot find anything called "passcode options" anywhere on my phone. The only thing that is even close to that is "passcode settings" in the guided access settings under accessibility, and that is a 6-digit password as well.

      Could you tell me where, exactly, this option is supposed to be, because even the search function on my phone isn't finding anything like what you describe?

      --
      File under 'M' for 'Manic ranting'
    5. Re:Strength of passcode? by burtosis · · Score: 2

      Lol, it's the first google hit for alphanumeric passcode ios11

    6. Re:Strength of passcode? by mi · · Score: 1

      the passcode must be all digits

      WTF? Even if there ever was, there is no such requirement today. Mine has letters — and, wow, not all of them even from the Latin alphabet...

      must be some fixed number of digits long?

      Another falsehood...

      --
      In Soviet Washington the swamp drains you.
    7. Re:Strength of passcode? by registrations_suck · · Score: 5, Informative

      Change your passcode.

      On the "Enter your new passcode" screen, there is a link called "Passcode Options". Click that.

      You then have three choices to choose from:
      1). Custom Alphanumeric Code
      2). Custom Numeric Code
      3). 4-Digit Numeric Code

    8. Re:Strength of passcode? by mark-t · · Score: 1

      Thank you... never saw that before.

      --
      File under 'M' for 'Manic ranting'
    9. Re:Strength of passcode? by mark-t · · Score: 2

      Or, you know, I could be only human, and simply not have realized all these years where the option was. As it turns out, the only way to apparently set this feature on is to enable it when you specifically select the option to change the passcode on the device. As I rarely change my passcode, I had not noticed this facility until it was explicitly pointed out to me in a comment above.

      But perish the notion that I am fallible, and that I wouldn't know something.... Clearly I have to be feigning ignorance, because it's so obvious that anyone would have realized it.

      Although I'm sure that someone who is as perfect as yourself wouldn't understand that.

      --
      File under 'M' for 'Manic ranting'
    10. Re:Strength of passcode? by aaarrrgggh · · Score: 1

      Others mention the length, but also remember that the distribution of digits is not uniform for pass codes-- 0, 1, 2 have the highest rate of occurrence, so if you are brute forcing you emphasize those numbers more. There is a good probability that out of six digits no more than two are 4-9, after you exhaust common keyboard patterns.

    11. Re:Strength of passcode? by AmiMoJo · · Score: 1

      Does it randomize the position of the numbers on the screen, to prevent finger smudge attacks?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    12. Re:Strength of passcode? by thegarbz · · Score: 1

      iPhone takes longer than a few hours to unlock, someone must be specifically hiding something! Guilty!

      -FBI

    13. Re:Strength of passcode? by mark-t · · Score: 3, Interesting

      I've known people who've spent 10 to 15 minutes dealing with the security checkpoints simply because they had their device set to fingerprint unlock, even though they didn't have anything in particular on the phone that security would have been interested in.

      That's why, about 30 minutes or so before I'm going through a security checkpoint where my belongings may be searched, I will unlock my phone so that it does not require any kind of password to turn on and navigate the home screen and applications. When they've asked to see the phone, I've simply handed it to them, they turned it on, saw that they had access to everything, and immediately handed it back without even trying to find anything or asking me any questions.

      It seems that simply having a device that is locked at all gives them enough reason to want to search it, while having a device that is not leaves them giving the device back right away with no questions asked.

      This also has the advantage that I will not be put in the position of even being asked for my password at all. Even though I may not legally have to tell them my passwords, I think that not cooperating with them, or even creating the appearance that I don't want to cooperate with them has some non-zero potential of making my life a whole lot more complicated than it needs to be, so unlocking the device beforehand so that it requires no such passcode avoids the matter entirely.

      --
      File under 'M' for 'Manic ranting'
    14. Re: Strength of passcode? by Anonymous Coward · · Score: 0

      That's because the UI is well designed and intuitive.

    15. Re:Strength of passcode? by Anonymous Coward · · Score: 0

      umm you just have to look at it now, no finger smudges

    16. Re:Strength of passcode? by letthelightin · · Score: 2

      You're lucky you're not a targeted person. We should all be constantly defending our right to privacy, along with our right to travel, so that those who actually have good reason to exercise them go as unnoticed as the next fellow.

    17. Re:Strength of passcode? by Solandri · · Score: 4, Insightful

      In Android you can just create a second user without a password and login to it. It'll have access to your installed apps (free ones and ones which are authorized for that account), but not your data (unless rooted and you have a file browser with root privileges). Unless you actually check for user accounts, it'll look just like a plain single-account unlocked phone.

    18. Re:Strength of passcode? by kilfarsnar · · Score: 1

      Does it randomize the position of the numbers on the screen, to prevent finger smudge attacks?

      Not that I'm aware of. But the phone screen is generally all smudged up, IMO. So seeing just prints over the relevant numbers is unlikely.

      --
      "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
    19. Re: Strength of passcode? by Anonymous Coward · · Score: 0

      Yeah I was surprised, my girlfriend doesn't know anything about tech, but for some reason her iPhone passcode is like 27 chars long. I told her she is smart for that but she doesn't understand why.

    20. Re: Strength of passcode? by Anonymous Coward · · Score: 0

      Including the âoeDo you not wish to inhibit the negative non-transfer of your passcode in plaintext to all local and state law enforcement agencies, for safekeeping, just in case they need it someday?â
      [Yes] [Agree] [Affirmative] [NotCancel]

  5. Re:apple will just drop lightning cables in next p by XXongo · · Score: 1

    That's amusing, but of course there has to be some way to access the phone. Whatever they use, the cracking software will use that.

  6. I would use it to place Rickrolls by Anonymous Coward · · Score: 0

    When you get suckers desperate for “magic keys”, you are in a prime position to troll them. It would serve the law “enforcement” a lesson.

  7. Apple will buy one... by InvalidsYnc · · Score: 4, Insightful

    ...and then it will use it to determine how it is cracking the login, and then they will fix it, and the security will be even stronger for Apple. Sounds like a good deal. :P

    1. Re:Apple will buy one... by Anonymous Coward · · Score: 1

      This tool isn't completely new. The fact that Apple didn't address the issue yet says that the security hole isn't that easy to deal with.

    2. Re:Apple will buy one... by Xenoproctologist · · Score: 1

      ...Or, it says that the company making the thing vets all potential customers to make sure that they don't torpedo their meal ticket by selling to a). criminal organizations, or b). security groups who would tattle to Apple.

      Apple's probably going to have to figure this one out the old fashioned way.

    3. Re:Apple will buy one... by powerlord · · Score: 2

      Apple's probably going to have to figure this one out the old fashioned way.

      By buying it through a shell company?

      --
      This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
    4. Re:Apple will buy one... by thegarbz · · Score: 1

      Which is why it makes sense to order the $15000 limited use device rather than the more expensive unlimited device, even if you have more than 300 phones to unlock.

    5. Re: Apple will buy one... by Anonymous Coward · · Score: 0

      Law Enforcement agencies are units of government. I bet free lance resellers are refused, as they should be.

      Any guy off the street shouldn't be allowed to have one of these. I bet even Apple would agree.

    6. Re:Apple will buy one... by Anonymous Coward · · Score: 0

      criminal organizations

      Well, they already failed at that, by selling to the feds!

    7. Re: Apple will buy one... by powerlord · · Score: 1

      What about a security consulting and services company who performs electronic and physical pen-tests of US based data centers and R&D shops?

      Do you think Apple could put one together (or find/purchase a controlling share in a private one)?

      --
      This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
  8. IOS or Security Enclave by Dorianny · · Score: 4, Interesting

    Its obvious that they must have found an exploit that allows them to bypass the number-of-attempts security mechanism. I wonder if this is handled in IOS or if it is a more serious Security Enclave bug.

    1. Re:IOS or Security Enclave by Anonymous Coward · · Score: 3, Insightful

      Besides the Israeli and Russians who had it out years before. Service was easy in Thailand. A backdoor exploit must be non obvious. using the port not the screen is still obvious.Placing a logic analyzer in series with the connections is still obvious. It makes sense to impose a scramble box, then send to a 2nd iPhone. My bet is a memory dump occurs, and then is brute forced. And likely a 2nd round needed to find the salt, then a transformation. This would prevent simple replay attacks, and simple copycats.

    2. Re:IOS or Security Enclave by Anonymous Coward · · Score: 0

      In my view, Apple likely placed various implementation backdoors disguised as bugs under pressure from various governments. This "bug" is probably just one of many. If one truly values their privacy, avoid using cell phones of any kind unless essential. None can be trusted.

    3. Re:IOS or Security Enclave by Anonymous Coward · · Score: 0

      Nonsense. It was a feature created for older phones. Rather then risk users getting locked out as their on screen keyboards failed with age, Apple determined it was more cost effective to enable access for authorized apple care centers. Locations specifically in law enforcement were chosen to prevent abuse

      Apple is committed to the security of its users and will provide an option to disable this innovative feature in a future release.

      *The above was entirely sarcastic.

    4. Re: IOS or Security Enclave by Anonymous Coward · · Score: 0

      Security Enclave is the registered trademark for a line of vibrating butt plugs. What business does Apple have stealing it?

    5. Re:IOS or Security Enclave by powerlord · · Score: 1

      I thought you couldn't memory dump unless the phone unlocked to the device (as of recently, I think iOS10 or 11)?

      --
      This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
    6. Re:IOS or Security Enclave by Dorianny · · Score: 1

      Its a 4' by 4' box that is capable of working offline. Definitively no crypto brute-force going on here

  9. dmca does apply to police. by Joe_Dragon · · Score: 1

    dmca does apply to police.

  10. who cares, they already own you by Anonymous Coward · · Score: 0

    like there's anything we can do that will stop them from invading our privacy, it's over, we're done ....

    1. Re: who cares, they already own you by Anonymous Coward · · Score: 0

      Who owns you? Apple? You chose that freely.

  11. Probably cheaper... by Anonymous Coward · · Score: 0

    Probably cheaper to buy the entire company.

  12. Re:apple will just drop lightning cables in next p by omnichad · · Score: 1

    What and standardize on the USB-C connector that they helped popularize? Ironically, I really doubt it.

  13. NDA? by Anonymous Coward · · Score: 0

    Notably, Grayshift includes an ex-Apple engineer on its staff

    *Grabs the popcorn and waits for the 8+ figure lawsuit.*

  14. Re:apple will just drop lightning cables in next p by Opportunist · · Score: 5, Funny

    Has to? HAS TO? Challenge Accepted!

    --signed, Tim Cook.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  15. Did someone learn google? by Anonymous Coward · · Score: 0

    Did someone in the justice department finally learn how to google?? I have had to do this for +10 years in IT just for my job for users that forget their passkey's to unlock there phones. Usually the biggest issue is, can I beat the price of the 1st one I found - and were only talking about the difference of $3-200.

  16. Re:apple will just drop lightning cables in next p by Anonymous Coward · · Score: 0

    Have courage.

  17. Verified? by sqorbit · · Score: 2

    Has there been any verification that this software works? I've seen reports of police purchasing it,but no report it actually works.

    --
    Sent from my TARDIS
  18. Re:apple will just drop lightning cables in next p by Anonymous Coward · · Score: 0

    It will charge only using AppleTooth, wirelessly.

  19. Novice Question by nealf2007 · · Score: 1

    So a company will crack an iPhone for 50 bucks? What does that imply about the security of financial information on a lost smartphone? Is it even easier to crack Android Phones? If a smartphone comes into possession of a theft-ring, how long does it take to crack a phone with all current security updates in place?

    1. Re:Novice Question by InvalidsYnc · · Score: 1

      That's an interesting question. The front screen is just the first hurdle, depending on what they are trying to get to. For apps that use secondary authentication methods (fingerprint, facial scanning, DNA testing (just kidding, that doesn't come out for another couple years), etc) I don't know that they can get past that to get to say your financial institution. Would be interesting to find out if those can also be bypassed.

  20. Ever wondered by Anonymous Coward · · Score: 0
    Ever wondered why there are no reports on such devices/services for Android?

    Sure, it could be that Android devices are super secure. Or that you can find Rubber Ducky scripts that do that.

    1. Re: Ever wondered by Anonymous Coward · · Score: 0

      Only a moran would think any computer secure.

    2. Re: Ever wondered by powerlord · · Score: 1

      Especially with physical access compromised.

      --
      This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
  21. Forced decryption by Anonymous Coward · · Score: 0

    And this is exactly why, legislated, forced decryption will never work. If you store an 'extra' key on a device, even 'securely' store an 'extra' key, then someone will find out how to access that key.

  22. State Department? Hmmm. by PPH · · Score: 2

    Why would the State Department be cracking phones? They provide neither a law enforcement nor an intelligence function.

    --
    Have gnu, will travel.
    1. Re:State Department? Hmmm. by Anonymous Coward · · Score: 0

      From the post:
      " The "funding office" for the Grayshift purchase was the Bureau of Diplomatic Security, according to the procurement records. The Bureau acts as the law enforcement and security arm of the State Department, bearing "the core responsibility for providing a safe environment for the conduct of U.S. foreign policy," the State Department website reads."

    2. Re:State Department? Hmmm. by Anonymous Coward · · Score: 0

      Drain it.

    3. Re:State Department? Hmmm. by Anonymous Coward · · Score: 0

      Cracking all of Hillary's old blackberries and iphones is my guess.

    4. Re:State Department? Hmmm. by Anonymous Coward · · Score: 0

      Wrong.

      1) The Bureau of Diplomatic Security is the security and law enforcement arm of State and was established in 1916. Besides providing security for diplomats and embassies, the group investigates visa and passport fraud, coordinates fugitive apprehension, and detects and counters intelligence operations against its State's personnel and embassies.

      2) The Bureau of Intelligence and Research operates as one of the national intelligence agencies. It was part of the OSS during WW2 and transferred to State at the end of the war in 1945. Its mission is to provide intelligence support to all diplomats.

      3) The Bureau of Counter-Terrorism and Countering Violent Extremism coordinates US and foreign government efforts against terrorism. It was created in 1972 after the Munich Olympics terror attack.

    5. Re:State Department? Hmmm. by Anonymous Coward · · Score: 0

      The Bureau acts as the law enforcement and security arm of the State Department

      In my experience, when an organization needs its own police force, it is to keep legitimate law enforcement from getting a look at their operations.

      State Department: Nothing to see here. Move along.

  23. Because Freedumbs! by Anonymous Coward · · Score: 0

    Add one more Government department at war with its own citizens.

    Good thing Americans have all those guns. They'll totally fix these attacks on freedom and the Constitution... right gais?

  24. Our Diplomats are... by Anonymous Coward · · Score: 0

    Filthy spies and criminals and unamericans and we need to open their iphones to prove this!

  25. Apple will likely NOT fix this problem. by shubus · · Score: 2

    Apple is being forced into a corner to provide a backdoor so this hardware hack will probably be allowed to stand. So what does this hack do? Try all possible 6 digit passcodes until it unlocks? I had heard that after "X" number of bad passcode entries that the iPhone would wipe itself, but have never found out how to set this up.

    1. Re:Apple will likely NOT fix this problem. by Anonymous Coward · · Score: 0

      It's 10 and a simple search brings up many articles on how to do this. Here is one link: https://www.iphonelife.com/content/how-to-set-your-iphone-to-erase-all-data-after-10-failed-passcode-attempts

  26. 6 digits is not secure by Anonymous Coward · · Score: 0

    It's time for variable-length passphrases.

  27. Plausible Deniability by Anonymous Coward · · Score: 0

    The State Department provides Plausible Deniability for the FBI, CIA, local law enforcement, etc. Sure, it's paper-thin, but how much do you want to bet they'll try to use it?

    Also, the OP claims they bought the $15,000, good-for 300 unlocks version. I'll further bet that at least one of the following will happen (or prove to be true):

    1). They actually bought the $30,000, unlimited version;
    2). They will short upgrade to the $30,000, unlimited version;
    3). They will rip off the vendor and use their $15,000, good-for 300 unlocks version for unlimited use.

    There's no way this stays at a usage level of 300 phones. The Feds and law enforcement have thousands of phones they want to crack.

  28. Next Step... by lionchild · · Score: 1

    So...do you suppose that Apple will just buy Grayshift next, and resolve the issue? And how long before they do the same with Cellebrite?

    --
    Awk! Pieces of eight. Pieces of eight. Pieces of seven... ERROR: General Protection Fault. [Paroty Error.]
    1. Re:Next Step... by jeff4747 · · Score: 1

      Why buy the company when you can buy the device?

    2. Re:Next Step... by lionchild · · Score: 1

      Buy the device, you might not understand why it works. Buy the company, you buy the Intelectual Property, and maybe find an engineer in there who can make your products better before they roll out the door the first time.

      --
      Awk! Pieces of eight. Pieces of eight. Pieces of seven... ERROR: General Protection Fault. [Paroty Error.]
  29. Re:apple will just drop lightning cables in next p by Marxist+Hacker+42 · · Score: 1

    Yes, but will they drop Fingerprint scanners?

    And to think, the State Department could have saved $15,000 just by using a knife or a bullet to obtain a finger.

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  30. I can vouch for this... by Anonymous Coward · · Score: 0

    Be as annoyingly helpful as you can be, and you will piss them off because you are wasting their time.

    As an example: Taking all your stuff out of your luggage at the TSA checkpoint and taking up 5 bins.

    Reporting *EVERY* item in your luggage because it adds up to more than $200 dollars (or whatever the local quantity of stuff you are supposed to bring in is.)

    As long as your items aren't on the restricted item list and the worth of the items (or at least VISIBLE) items is less than they care about, they will just get annoyed and shoo you through without inspecting any further.

    Remember the old adage about hiding in plain site. It has always applied to travel and checkpoints/customs.

  31. What ever happened... by scdeimos · · Score: 1

    ... to the Computer Fraud and Abuse Act?

    Can't the police, FBI and State Department be charged under the CFAA every time they use this device? "Oh, but we were doing it to serve the law!" is not an excuse otherwise White Hats would be immune from prosecution.

  32. Re:apple will just drop lightning cables in next p by Anonymous Coward · · Score: 0

    That only works if you are dumb enough to turn on device unlocking with your fingerprint...