Cops Around the Country Can Now Unlock iPhones, Records Show

Law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors, Motherboard reported on Thursday. From the report: FBI Director Christopher Wray recently said that law enforcement agencies are "increasingly unable to access" evidence stored on encrypted devices. Wray is not telling the whole truth. Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.

The news highlights the going dark debate, in which law enforcement officials say they cannot access evidence against criminals. But easy access to iPhone hacking tools also hamstrings the FBI's argument for introducing backdoors into consumer devices so authorities can more readily access their contents.

Not the tool wanted

[sit1963nz]

This is NOT the tool wanted. This tool means they have to have physical access to the phone.

What they REALLY want is a remote backdoor so they can spy on everyone in real time if they want.

Re:what is it?

[93+Escort+Wagon]

Can someone speak to what the exploit is? Does it have to do with bypassing the 10 PIN entry lockout limit?

If we knew what it was, Apple would know too - and would likely have patched it by now. And given we haven't heard anyone grousing about it, the box almost certainly works without triggering the lockout limit.

I fervently hope Apple is doing what they can to acquire one of these boxes through back-channels. It's only a matter of time until one or more Greykey boxes gets stolen and reverse engineered by criminals; I'd just as soon Apple put feelers out now saying "we're willing to pay a whole lot of money for one of these".

Simple 4-6 digit passcodes. Not complex passcodes

[JoeyRox]

Based on the quoted time to crack the exploit is likely using brute-force - the purpose of the device is to guess those while also disabling the usual 10-guess iOS limit before the device is locked. However, iOS supports complex passcodes as well, up to at least 90 alphanumeric characters, and these are are unlikely to be cracked.

Re:what is it?

[demonlapin]

Hell, the criminals will have an easier time of it than Apple. The criminals already know crooked cops who will, for a fee, order one for them.

Re:what is it?

[AmiMoJo]

Couldn't a victim of a Greykey demand to see the source code at their trial? How else could the cops demonstrate that the device doesn't also plant evidence or alter the phone in some other way? It clearly alters the device being unlocked in some way, which seems to make it dubious as evidence.