The challenge is not new. Law enforcement have had to face a barrier of encryption to access data on phones it would consider vital evidence in prosecutions. But ever since the San Bernardino mass shooting late in 2015 — where the FBI failed to compel Apple into hacking the shooter’s iPhone and, potentially, dole out a key to the encryption on other iPhones — police agencies have been very insistent on getting past lock screens any way they can.
Enter the GrayKey from manufacturer Grayshift. It’s a small box, about 4 inches by 4 inches by 2 inches, and has two male Lightning connectors sticking out of it. Grayshift has been going out to police departments, state investigative agencies and the FBI to sell prospective customers on this box that is said to crack open an iPhone running iOS 11 and protected with a four-digit passcode in two hours and a six-character passcode in as little as three days — all without risking an automatic data wipe after ten attempts by brute force.
Motherboard reports that the several agencies have shown interest in buying a GrayKey, such as the Indianapolis Metropolitan Police Department, the Indiana State Police, the Maryland State Police. Federal agencies such as the Drug Enforcement Administration, the FBI, the Secret Service, the State Department, have plans to do so. Miami-Dade County Police in Florida may have already obtained the device.
The FBI reportedly paid $2 million to gray hat hackers to hack into the 2015 shooter’s iPhone 5C featuring iOS 9. Cybersecurity research house Malwarebytes reports that it was quoted $30,000 for a GrayKey box with unlimited use and $15,000 for a 300-use box that must be used with an internet connection.
The FBI signed procurement documents last month indicating that it wanted six GrayKey boxes. The agency wrote that the product was the only one to “meet the FBI’s technical requirements” and is “more economical” for cracking into iOS.
But for its worth, GrayKey — at least this version of it — may not work for too long as Apple may be able to patch the vulnerabilities that the hardware exploits. It’s par for the course, actually: the software gets updated and security firms try to knock newly built walls down and sell that ability to the long arm of the law.
Apple is insistent that it would not build a backdoor to its encryption for the iPhone as to let the government a permanent access hatch to any iOS user’s personal data. FBI Director Christopher Wray said last month that the bureau took custody of around 7,800 phones last year that it cannot unlock.