There Is No Going Dark: Another Vendor Selling Tool That Cracks All iPhones
from the FBI's-dystopian-fiction-develops-another-plot-hole dept
The FBI continues to push its "going dark" theory. It's not interested in the truth. It would rather have a legislative mandate or a string of favorable court decisions than utilize options vendors have made available. These are the candles the FBI will forgo to publicly curse the darkness. A recent Inspector General's report made it crystal clear: those charged with finding a way to crack open the San Bernardino shooter's cell phone slow-walked their search in hopes of ending up with a judicial mandate forcing Apple to crack its own encryption.
The complaints about the darkness continue, even as vendors like Cellebrite have shown they can crack any iPhone given enough money and time. There are solutions out there, but the FBI doesn't want them. Cellebrite isn't the only company with an iPhone crack for sale. As Joseph Cox reports for Motherboard, another device has surfaced that can brute force its way past iPhone lock screens. The FBI may continue its disingenuous push for weakened encryption, but law enforcement agencies around the nation are more than willing to pay for a solution that doesn't involve Congressional reps or federal judges.
Grayshift has been shopping its iPhone cracking technology to police forces. The firm, which includes an ex-Apple security engineer on its staff, provided demonstrations to potential customers, according to one email.
"I attended your demo presentation recently held at the Montgomery County Police Headquarters and was pleased by your product's potential," an Assistant Commander from the Technical Investigations Section at the Maryland State Police wrote in an email to Grayshift in March.
The GrayKey itself is a small, 4x4 inches box with two lightning cables for connecting iPhones, according to photographs published by cybersecurity firm Malwarebytes. The device comes in two versions: a $15,000 one which requires online connectivity and allows 300 unlocks (or $50 per phone), and an offline, $30,000 version which can crack as many iPhones as the customer wants. Marketing material seen by Forbes says GrayKey can unlock devices running iterations of Apple's latest mobile operating system iOS 11, including on the iPhone X, Apple's most recent phone.
According to documents obtained by Motherboard, multiple state and local law enforcement agencies have purchased Grayshift's device. The documents also show many agencies expressing an interest in picking up a GrayKey, including some at the federal level, like the DEA and, oddly enough, the FBI. The FBI doesn't appear to have acquired one yet, but if that's the case, it's lagging behind local PDs with less funding and tech expertise. It's also trailing the State Department, which has already acquired at least one of the devices.
The device comes in two flavors: an online version with a fixed number of unlocks or an offline version that retails for twice as much ($30,000) but can be used as often as the purchaser wants (or until Apple fixes the vulnerability, whichever comes first). The brute force method deployed takes anywhere from 2 hours to several days, depending on passcode complexity.
"Going dark" is a convenient lie. The FBI has been deliberately misconstruing reality for a couple of years now, beginning with then-director James Comey's coining of the phrase. Even while Comey was peddling his "going dark" theory to security researchers, Congressional reps, and federal judges, the FBI was rarely having trouble accessing device contents. In 2016, the FBI admitted it could access the contents of passcode-protected devices 87% of the time. Somehow, despite only incremental changes in encryption offerings, the small number of locked devices has grown from ~880 to over 7,000 in two years. This suggests FBI officials are more interested in generating a "going dark" narrative than actually deploying available tech to access contents of seized devices.
The existence of another device capable of cracking iPhone encryption should be good news for the FBI. Other law enforcement agencies apparently view this as a plus. The downside for those not employed by the government is that there's a vulnerability in iPhones Apple hasn't fixed yet. And, given the intense secrecy surrounding vendors of exploits, we have no idea how many governments have purchased iPhone-cracking devices. It's unlikely Hacking Team is the only exploit vendor selling to authoritarian governments and UN-blacklisted countries. It's just the only one to have been caught doing it. An exploit is an exploit and it will be used by the good and the bad.
Not that relegating it to "good" law enforcement agencies is necessarily a huge improvement. Authoritarian regimes may use tools like this to go after critics and stifle dissent, but let's not forget the FBI has a long history of doing exactly the same thing under the guise of protecting public safety. And, at this point, the FBI isn't being honest about its weapons stockpiles during this Crypto Cold War. Sure, it needs to retain some sort of tactical advantage -- whether it's pursuing bad guys or legislation -- but it should never be granted full credibility when it talks about thousands of unlocked phones, the coming darkness, and how much security we should be forced to give up in the name of public safety.
Filed Under: doj, encryption, fbi, going dark, hacking, iphones, smartphones
Companies: apple, cellebrite, grayshift
Reader Comments
Interesting
It was very high profile and nasty - allowing the FBI to tug strongly on the heart strings of anyone who might be tempted to oppose them. On the other hand the actual data they were looking for was pretty much moot - the perpetrators were dead - and anyone with a brain could tell that there were highly unlikely to be any unknown but direct associates out there that needed stopping from further atrocities.
Hence the process could safely be delayed whilst the court processes took place.
[ link to this | view in chronology ]
Re: Interesting
This is another case where you should be using a longer passcode and turn on auto-wipe after so many failed attempts. A 4 digit code they can brute force pretty quickly, even 6 digits doesn't take much longer.
You do notice all this talk about breaking into iPhones, yet never hear about trying to break into Android phones. Seems security on those is a joke.
[ link to this | view in chronology ]
Re: Re: Interesting
There's a retry timer that makes bruteforcing take a long time (doubling on each retry, so 2^1000 seconds for a 4-digit code). If they can get around that, they can get around "auto-wipe" too; they're both features implemented in the firmware, because there's no physical basis for either (i.e., the electrons are there, and with enough work the data they represent can be copied into hardware that gives unlimited fast retries).
Apple has tried to make it difficult to copy the data, so far with limited success. Look at the history of satellite smartcard hacking to see the future of this.
[ link to this | view in chronology ]
How is this any different?
And why should law enforcement get every single piece of evidence they demand? They don't have to solve every single crime; no one should expect them to.
[ link to this | view in chronology ]
Re: How is this any different?
[ link to this | view in chronology ]
Re: Re: How is this any different?
[ link to this | view in chronology ]
I wonder if they would sell on to Apple.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Now the chief has a $30,000 paperweight for his desk.
Next thing: Suing Apple and trying to hold them liable for damages for fixing exploits in their own software because it bricks these expensive work-arounds the cops are spending so much money on.
[ link to this | view in chronology ]
suggested rewording
>>in the name of public safety.
To be more accurate, what about:
"...and how much actual public safety we should be forced to give up in the name of a false claim of public safety."
[ link to this | view in chronology ]
Shut the fuck up
Bend Over
Smile........................
It's for your Own good.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Ever brag about how any DRM will be defeated?
[ link to this | view in chronology ]
Re: Ever brag about how any DRM will be defeated?
Kerckhoffs's principle suggests otherwise: "A cryptosystem should be secure even if everything about the system, except the key, is public knowledge."
What DRM system has ever survived that? Lots of crypto algorithms have.
Obviously Apple needs to keep it in mind too. Their security code should have never been secret (it was recently leaked).
[ link to this | view in chronology ]
Re: Ever brag about how any DRM will be defeated?
DRM has a fatal flaw compared to other encryption systems: the person you want to keep out is also the person you want to give the decrypted contents to.
[ link to this | view in chronology ]
True, for now, but ....
[ link to this | view in chronology ]
Re: True, for now, but ....
If anything, they can spy on people easier these days than ever before. Going dark is a myth. Besides, 99% of the population shouldn't give up their privacy for the 1% of criminals they're after.
[ link to this | view in chronology ]
Re: True, for now, but ....
There will always be a way in. The question is, will it be a door with a bright neon sign saying "I'm an easy target!" with a simple padlock on it, or will it require the equivalent of an Ocean's 11 or Mission Impossible team, people with highly specialized skills and access to resources that your common thief and script kiddie don't?
[ link to this | view in chronology ]
Re: Re: True, for now, but ....
Everyone will be invited to the party at your house.
[ link to this | view in chronology ]
Re: Re: Re: True, for now, but ....
The door with the bright neon sign over it is representative of the encryption backdoors the FBI wants tech companies to put in. While the other option represents a lot of time and effort put in by dedicated hackers or state actors to try and find a way to break into a strongly encrypted device/system that may or may not be known or exist. One is dumb and stupid, the other is sadly a fact of life and tech development.
[ link to this | view in chronology ]
Re: True, for now, but ....
[ link to this | view in chronology ]
Cracking an iPhone is easy
[ link to this | view in chronology ]
Re: Cracking an iPhone is easy
[ link to this | view in chronology ]
Re: Cracking an iPhone is easy
s/tall building/coffee table
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Has Apple bought one?
[ link to this | view in chronology ]
That's still going dark
[ link to this | view in chronology ]
Mass surveillance
It means an agency or precinct that buys the full version can run it on any iPhone on any detained individual they come across, and if it yields access to their online accounts, all their emails, social networking and contacts.
This can run away into mass surveillance pretty fast.
[ link to this | view in chronology ]
Targeted Investigation vs Mass Surveillance
There is thus no real "going dark" problem for the sort of *limited* access based on *individual suspicion* that the police are *supposed* to be doing. The problem is that the police want to be able to spy on everybody, and these techniques simply don't scale up sufficiently to enable that.
[ link to this | view in chronology ]
Fear leads to anger, anger leads to hate, hate leads to suffering. I sense much fear in you.”
[ link to this | view in chronology ]
Perception Problem
Remind me again, which are the "good" ones?
[ link to this | view in chronology ]
Just makes the needle in the haystack that much harder to find.
The show must go on, yes?
No one nowhere is truly safe
Once they zero in on any one person, said person's life is basically over, as they have hoovered up so much information they just need a target to unleash on.
It's like getting caught speeding: everyone does it, it just sucks to be you when randomly caught, except here it's not random when they target you and there is no fine and you go on your merry way.
So little hamsters keep going round on the wheel and
be ignorant of everything else outside your cage
cause you're just where they want you to be ........
chasing that cheeze
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]