This is part of an ongoing Motherboard series on the proliferation of phone cracking technology, the people behind it, and who is buying it. Follow along here.FBI Director Christopher Wray recently said that law enforcement agencies are “increasingly unable to access” evidence stored on encrypted devices.Wray is not telling the whole truth.Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.
Advertisement
The news highlights the going dark debate, in which law enforcement officials say they cannot access evidence against criminals. But easy access to iPhone hacking tools also hamstrings the FBI’s argument for introducing backdoors into consumer devices so authorities can more readily access their contents.“It demonstrates that even state and local police do have access to this data in many situations,” Matthew Green, an assistant professor and cryptographer at the Johns Hopkins Information Security Institute, told Motherboard in a Twitter message. “This seems to contradict what the FBI is saying about their inability to access these phones.”As part of the investigation, Motherboard found:
- Regional police forces, such as the Maryland State Police and Indiana State Police, are procuring a technology called ‘GrayKey’ which can break into iPhones, including the iPhone X running the latest operating system iOS 11.
- Local police forces, including Miami-Dade County Police, have also indicated that they may have bought the equipment.
- Other forces, including the Indianapolis Metropolitan Police Department, have seemingly not bought GrayKey, but have received quotations from the company selling the technology, called Grayshift.
- Emails show the Secret Service is planning to buy at least half a dozen GrayKey boxes to unlock iPhones.
- The State Department has already bought the technology, and the Drug Enforcement Administration is interested in doing so.
- The FBI is also looking to buy GrayKey, according to online procurement records.
Advertisement
THE KEY
The issue GrayKey overcomes is that iPhones encrypt user data by default. Those in physical possession normally cannot access the phone’s data, such as contact list, saved messages, or photos, without first unlocking the phone with a passcode or fingerprint. Malwarebytes’ post says GrayKey can unlock an iPhone in around two hours, or three days or longer for 6 digit passcodes.Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.
Advertisement
And police forces are ready to use GrayKey. David R. Bursten, chief public information officer from the Indiana State Police, wrote in an email to Motherboard that the force had only recently obtained the GrayKey device, but that “this investigative tool will be used, when legally authorized to do so, in any investigation where it may help advance an investigation to identify criminal actors with the goal of making arrests and presenting prosecutable cases to the proper prosecuting authority.”
Greg Shipley, Maryland State Police spokesperson, told Motherboard “the connection of electronic devices to a wide range of crimes continues to increase, so the need to obtain investigative information from these devices during a criminal investigation continues to grow.” Last week Maryland State Police told Motherboard that the force is in the early stage of procuring GrayKey; one of the documents obtained includes a price quote from GrayKey dated March 22.Multiple employees of Grayshift did not respond to requests for comment. In response to a Freedom of Information Act request, the FBI refused to say whether it had purchased GrayKey.But the FBI is looking to buy the tech, according to a March 8 procurement record. An attached Request for Quotation document says the FBI wants 6 of the offline GrayKey units."Only the GreyShift/GreyKey solution can meet the FBI’s technical requirements," another document reads. It adds that GrayKey can "provide a more economical solution for iOS mobile device processing," and that the device "fills a critical need."
Advertisement
KICKING DOWN THE BACKDOOR
Advertisement
In March, the New York Times reported that FBI and Justice Department officials have reignited the hunt for backdoors, and have been quietly meeting with security researchers. And earlier this month, Cyberscoop reported that staffers of the Senate Judiciary Committee have been contacting US tech companies regarding potential future legislation around encryption.Adding an iPhone backdoor, by its nature, adds new vulnerabilities into a otherwise fairly secure phone that provides robust encryption by default. GrayKey’s existence and widespread availability “means that adding backdoors isn’t so much a question of adding a secure door to the walls of a stone castle. It’s like adding extra holes in the walls of a sandcastle,” Green, the Johns Hopkins cryptographer, said. “It seems totally reckless to add additional mandatory vulnerabilities.”Instead of backdoors, some technologists say the current system of hacking is the best we can hope for: a phone is released; companies such as Grayshift look for ways to access the device; for a time their tools work; then the phone manufacturer issues a fix or a new operating system version, and the cycle repeats.“The success of companies like Grayshift in finding and exploiting ways to gain access to even the latest, most secure smartphone models demonstrates that flaws will always exist despite manufacturers' best efforts,” Pfefferkorn said."Adding backdoors isn’t so much a question of adding a secure door to the walls of a stone castle. It’s like adding extra holes in the walls of a sandcastle."
Advertisement
But to be clear, GrayKey is not the end of this debate. Whatever exploits GrayKey is taking advantage of may stop working at some point. The FBI wanted to force Apple to tweak the San Bernardino iPhone running in February 2016; Cellebrite announced it could crack devices running iOS 9—the particular iOS version the phone was using—in July 2016. Even when phone crackers eventually catch up, there can still be a period of time when agencies may indeed be dark on a suspect’s phone.This is, presumably, the reason the DOJ and FBI would like backdoors: they provide more guaranteed access over a period of time, rather than catching up with each iteration of a phone cracking product. Cost might be a factor too—forcing tech companies to facilitate access could be cheaper than buying more cracking tools.“The FBI does not comment on specific tools or technologies; however, there is no one size fits all solution to Going Dark,” an FBI spokesperson told Motherboard in a statement.In March, FBI Director Wray said the Bureau had nearly 7,800 phones it could not unlock last year. Maybe the FBI could get in touch with the country’s local police forces.Update: This piece has been updated to include that the FBI refused to say whether it has bought GrayKey or not in a Freedom of Information Act request response, and that the FBI is looking to purchase the technology, according to online records.Get six of our favorite Motherboard stories every day by signing up for our newsletter.