FBI reportedly accessed locked iPhone 11 Pro Max with GrayKey third-party tool

GrayKey device. | Source: MalwareBytes

The FBI recently cracked the encryption of Apple's latest and greatest iPhone 11 Pro Max, a report said Wednesday, prompting questions as to why the agency is demanding the company assist in accessing two older iPhone models as part of a high-profile case.

In 2019, FBI investigators working on a case in Ohio were tasked with executing a search warrant on property owned by Baris Ali Koch, reports Forbes. Among the items seized was a locked iPhone 11 Pro Max that, according to the report, investigators subsequently accessed without Apple's help.

Koch stands accused of misprision of a felony for helping his convicted brother flee the U.S. by providing a duplicate driver's license and lying to federal agents. He is currently awaiting sentencing.

As part of the investigation into Koch, FBI personnel on Oct. 11, 2019, acquired the suspect's iPhone 11 Pro Max which, according to Koch's lawyer, Ameer Mabjish, was locked and protected by a passcode. Mabjish confirmed to Forbes that no passcode was furnished to authorities, nor was Koch forced to unlock the iPhone via Face ID authentication.

Interestingly, a search warrant filed on Oct. 30 reveals the FBI has in its possession a USB drive containing "GrayKey derived forensic analysis" of the iPhone in question. Produced by startup Grayshift, GrayKey is a data forensics tool that enables law enforcement agencies to thwart iPhone security protocols for purposes of data extraction.

While not specified in the Oct. 30 search warrant, the report suggests the FBI successfully deployed GrayKey to gain access to Koch's iPhone 11 Pro Max.

If officials were indeed able to crack Apple's latest iPhone security safeguards, it is possible that the FBI and other agencies have a means to access the much older iPhone 5 and iPhone 7 Plus handsets involved in a more recent case.

Last week, the FBI asked Apple for assistance in "unlocking" two iPhones owned by Mohammed Saeed Alshamrani, a Saudi Air Force cadet accused of killing three sailors and injuring eight others in an attack at the Naval Air Station in Pensacola, Fla., in December. The situation escalated quickly, with Attorney General Bill Barr putting out a public plea for Apple's compliance on Monday, while President Donald Trump slammed the company for its stance on strong device encryption a day later.

The Department of Justice claims it has exhausted all internal and external options, meaning Apple's expertise is the only path forward. Officials refuse to enumerate exactly what methods were attempted.

While Apple has cooperated with FBI requests by handing over user data like iCloud backups and account information, it has declined to extract data from Alshamrani's iPhone as doing so would necessitate the creation of a backdoor. The tech giant is staunchly opposed to such action as it would purportedly threaten the security of all iPhone users.

Pundits speculate Trump, Barr and the DOJ are using the Pensacola case to rope Apple into a precedent-setting legal fight over encryption. Apple faced a similar court battle in 2016 when it refused to unlock an iPhone 5c used by the San Bernardino shooter. In that case the DOJ threatened a showdown but pulled out at the eleventh hour after finding a third-party contractor capable of extracting data from the device.

That said, the DOJ might be telling the truth. Apple could have identified and patched the vulnerabilities GrayKey leveraged to break iPhone 11 Pro Max encryption in the intervening months since Koch's iPhone was seized. Alternatively, GrayKey could be in possession of an exploit that applies only to newer model handsets, though such a scenario is unlikely given Apple's encryption architecture.

In any case, Apple is reportedly preparing for a legal scrum as it simultaneously works to keep the issue out of court.



32 Comments

lkrupp 10521 comments · 19 Years

You know what? I don't believe in "reports" anymore. It's all anonymous, uncorroborated speculation. Then "journalists" take it and run with it as if it's the gospel truth, and build a fantasy truth around it. Bottom line, it's complete bullshit. Maybe the FBI cracked the "latest and greatest" iPhone and maybe they didn't. Maybe this is all propaganda by god knows who to make a point. We don't know. And now the Asshole in Chief is trashing Apple once again. And Apple tech blogs take the bait every damn time.

wood1208 2938 comments · 10 Years

Probably conspiracy theory to bring AAPL stock down. No Problem. I will buy some.

MplsP 4047 comments · 8 Years

"Pundits speculate Trump, Barr and the DOJ are using the Pensacola case to rope Apple into a precedent-setting legal fight over encryption"

If the above reports are true then this could well be the case and would be my guess.

bageljoey 1997 comments · 18 Years

AI has been fine, but the regular media has been reporting this like Apple has all his data hidden in their care. Rarely is it explained that what they want Apple to do is create a broken operating system and load it onto the phone. 

I don’t see why any reasonable person would agree to that. 

You know, people can have conversations in their own houses and law enforcement has no way to access the information shared in those conversations after the fact. Maybe they should compel Google to record and store every conversation their devices pick up in case those conversations are needed later...

anantksundaram 20391 comments · 18 Years

Assuming this is true — which is not necessarily a good assumption — it is a bit troublesome that Apple’s vaunted privacy/security protocols are regularly getting violated by third-party nothings.