US government gets its hand on $15,000 iPhone cracking device

Until a couple of weeks ago, Cellebrite was one of the known few firms claiming to crack any iPhone device including iPhone X. But lately, a startup service GrayShift is making headlines for similar claims and states that cracking iPhone X and 8 is one of the core abilities of its GrayKey product.

Now, the US Department of State’s Bureau of Diplomatic Security has apparently ordered a GrayShift product which is believed to be GrayKey that costs $15,000 a piece.

According to purchase records seen by Motherboard, the order has been mentioned under “computer and computer peripheral equipment.” However, Motherboard also confirms that the product is indeed GrayKey since the phone number of the vendor is the same as mentioned in the recent purchase order of GrayKey carried out by Indian State Police.

A screenshot of procurement records shared by Motherboard.

The IT security giant Malwarebytes who saw leaked GrayKey documents wrote their findings and stated that the device can crack two iPhones at the same time and depending on the length of the passcode, it takes minutes or days to crack the device regardless of what iPhone model or iOS version.

US government gets its hand on $15,000 iPhone cracking device
Screenshot from the leaked Grayshift’s email shared by Malwarebytes shows how GrayKey shows iPhone’s passcode.

As a result, authorities or cybercriminals can accesses personal and financial data from the targeted device including names, personal phones and videos, email accounts, phone numbers, credit card numbers, text messages and even social media accounts.

It is no surprise that law enforcement and the FBI are not a fan of encryption and encrypted devices. In January this year, FBI director Christopher Wray revealed that in 2017 the agency failed to open 7,800 mobile devices and view their contents.

One case that made the news in 2016 was regarding the access to encrypted iPhone 5C device of San Bernardino shooter in which the Bureau asked Apple for access to the phone but the request was declined by the company. It was then that the agency took Cellebrite‘s offer of help in unlocking San Bernardino shooter’s iPhone for $900,000.

Another product called “Textalyzer” can also do wonders for law enforcement authorities in the United States. Although it does not crack an iPhone, it does allow cops to see if the driver has been using their cell phones whilst driving, recording their every click, tap or swipe, and even tells the apps the drivers were using – Police officers can also download all the data from the suspect’s smartphone within a few seconds right on the spot.

Therefore, the existence of a device like GrayKey should not be surprising at all. However, it is worrisome since privacy is no longer secure. It will be important to see what Apple has in store to make sure the privacy of its users is not at risk either by the police or cybercriminals.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.