With the help of the iPhone-cracking GrayKey, local police departments and government agencies alike are gaining the ability to crack the security in the iPhone in ever-greater numbers, a new report says.
Back in early 2016, Apple famously refused to assist the FBI in unlocking an iPhone 5c belonging to Syed Rizwan Farook, one of the shooters in that year's San Bernardino attack. The FBI later got into the device on their own, setting off an entire round of disputes between the company and federal law enforcement.
Both federal law enforcement and local police departments have begun using GrayKey, a relatively inexpensive encryption bypass tool, and other tools like it, according to an investigative piece published by Motherboard.
Vice found, using public records requests, that the State Department has purchased GrayKey technology, as have the Indiana and Maryland State Police. The Secret Service and Drug Enforcement Agency are planning to, and the Indianapolis and Miami-Dade police departments either have bought the equipment or have sought it.
The same site had reported last month that the Indiana State Police had contracted to use GrayKey. Beyond Indiana, Vice does not say in the piece exactly how many state and local police departments are using GrayKey.
The device can unlock an iPhone in a matter of hours for a four-digit passcode, but six-digit passcodes, now the standard, can take as long as three days, according to an analysis by MalwareBytes.
GrayKey is manufactured by a startup company called Grayshift, with Braden Thomas, a former Apple security engineer, among its principals. Thomas has his name on at least five Apple patents.
The GrayKey device has been described as "a pocket-sized device with questionable security," available in $15,000 and $30,000 editions.
The piece also notes that despite the FBI using GrayKey, FBI Director Christopher Wray has said publicly that "we face an enormous and increasing number of cases that rely on electronic evidence. We also face a situation where we're increasingly unable to access that evidence, despite lawful authority to do so," according to comments published by the website Lawfare, and cited by Vice.