There Is No Going Dark: Another Vendor Selling Tool That Cracks All iPhones

from the FBI's-dystopian-fiction-develops-another-plot-hole dept

Mon, Apr 16th 2018 6:23am — Tim Cushing

The FBI continues to push its "going dark" theory. It's not interested in the truth. It would rather have a legislative mandate or a string of favorable court decisions than utilize options vendors have made available. These are the candles the FBI will forgo to publicly curse the darkness. A recent Inspector General's report made it crystal clear: those charged with finding a way to crack open the San Bernardino shooter's cell phone slow-walked their search in hopes of ending up with a judicial mandate forcing Apple to crack its own encryption.

The complaints about the darkness continue, even as vendors like Cellebrite have shown they can crack any iPhone given enough money and time. There are solutions out there, but the FBI doesn't want them. Cellebrite isn't the only company with an iPhone crack for sale. As Joseph Cox reports for Motherboard, another device has surfaced that can brute force its way past iPhone lock screens. The FBI may continue its disingenuous push for weakened encryption, but law enforcement agencies around the nation are more than willing to pay for a solution that doesn't involve Congressional reps or federal judges.

Grayshift has been shopping its iPhone cracking technology to police forces. The firm, which includes an ex-Apple security engineer on its staff, provided demonstrations to potential customers, according to one email.

"I attended your demo presentation recently held at the Montgomery County Police Headquarters and was pleased by your product's potential," an Assistant Commander from the Technical Investigations Section at the Maryland State Police wrote in an email to Grayshift in March.

The GrayKey itself is a small, 4x4 inches box with two lightning cables for connecting iPhones, according to photographs published by cybersecurity firm Malwarebytes. The device comes in two versions: a $15,000 one which requires online connectivity and allows 300 unlocks (or $50 per phone), and and an offline, $30,000 version which can crack as many iPhones as the customer wants. Marketing material seen byForbes says GrayKey can unlock devices running iterations of Apple's latest mobile operating system iOS 11, including on the iPhone X, Apple's most recent phone.

According to documents obtained by Motherboard, multiple state and local law enforcement agencies have purchased Grayshift's device. The documents also show many agencies expressing an interest in picking up a GrayKey, including some at the federal level, like the DEA and, oddly enough, the FBI. The FBI doesn't appear to have acquired one yet, but if that's the case, it's lagging behind local PDs with less funding and tech expertise. It's also trailing the State Department, which has already acquired at least one of the devices.

The device comes in two flavors: an online version with a fixed number of unlocks or an offline version that retails for twice as much ($30,000) but can be used as often as the purchaser wants (or until Apple fixes the vulnerability, whichever comes first). The brute force method deployed takes anywhere from 2 hours to several days, depending on passcode complexity.

"Going dark" is a convenient lie. The FBI has been deliberately misconstruing reality for a couple of years now, beginning with then-director James Comey's coining of the phrase. Even while Comey was peddling his "going dark" theory to security researchers, Congressional reps, and federal judges, the FBI was rarely having trouble accessing device contents. In 2016, the FBI admitted it could access the contents of passcode-protected devices 87% of the time. Somehow, despite only incremental changes in encryption offerings, the small number of locked devices has grown from ~880 to over 7,000 in two years. This suggests FBI officials are more interested in generating a "going dark" narrative than actually deploying available tech to access contents of seized devices.

The existence of another device capable of cracking iPhone encryption should be good news for the FBI. Other law enforcement agencies apparently view this as a plus. The downside for those not employed by the government is that there's a vulnerability in iPhones Apple hasn't fixed yet. And, given the intense secrecy surrounding vendors of exploits, we have no idea how many governments have purchased iPhone-cracking devices. It's unlikely Hacking Team is the only exploit vendor selling to authoritarian governments and UN-blacklisted countries. It's just the only one to have been caught doing it. An exploit is an exploit and it will be used by the good and the bad.

Not that relegating it to "good" law enforcement agencies is necessarily a huge improvement. Authoritarian regimes may use tools like this to go after critics and stifle dissent, but let's not forget the FBI has a long history of doing exactly the same thing under the guise of protecting public safety. And, at this point, the FBI isn't being honest about its weapons stockpiles during this Crypto Cold War. Sure, it needs to retain some sort of tactical advantage -- whether it's pursuing bad guys or legislation -- but it should never be granted full credibility when it talks about thousands of unlocked phones, the coming darkness, and how much security we should be forced to give up in the name of public safety.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: doj, encryption, fbi, going dark, hacking, iphones, smartphones
Companies: apple, cellebrite, grayshift

35 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Richard (profile), 16 Apr 2018 @ 6:35am

Interesting
The choice of the San-Bernardino case for this exercise is telling.

It was very high profile and nasty - allowing the FBI to tug strongly on the heart strings of anyone who might be tempted to oppose them. On the other hand the actual data they were looking for was pretty much moot - the perpetrators were dead - and anyone with a brain could tell that there were highly unlikely to be any unknown but direct associates out there that needed stopping from further atrocities.

Hence the process could safely be delayed whilst the court processes took place.
[ link to this | view in thread ]
John Snape (profile), 16 Apr 2018 @ 6:38am

How is this any different?
How is this any different from a suspect writing in code?

And why should law enforcement get every single piece of evidence they demand? They don't have to solve every single crime; no one should expect them to.
[ link to this | view in thread ]
I.T. Guy, 16 Apr 2018 @ 6:40am

"GrayKey can unlock devices running iterations of Apple’s latest mobile operating system iOS 11, including on the iPhone X, Apple’s most recent phone."

I wonder if they would sell on to Apple.
[ link to this | view in thread ]
I.T. Guy, 16 Apr 2018 @ 6:43am

Re: How is this any different?
It's about the ability to spy. It has nothing to do with evidence. It's about the letter agencies running roughshod all over the constitution and people's rights since 911.
[ link to this | view in thread ]
mcinsand, 16 Apr 2018 @ 6:52am

suggested rewording
>>...and how much security we should be forced to give up
>>in the name of public safety.

To be more accurate, what about:

"...and how much actual public safety we should be forced to give up in the name of a false claim of public safety."
[ link to this | view in thread ]
Anonymous Coward, 16 Apr 2018 @ 6:53am

America 2018
Shut the fuck up
Bend Over
Smile........................
It's for your Own good.
[ link to this | view in thread ]
Anonymous Coward, 16 Apr 2018 @ 7:37am

Re: Re: How is this any different?
Including both gop & dnc as they are three letter acronyms.
[ link to this | view in thread ]
Anonymous Coward, 16 Apr 2018 @ 7:39am

Re:
Been that way for some time, the big difference today is they no longer care to cover it up. They do not even try anymore.
[ link to this | view in thread ]
Mark Roy, 16 Apr 2018 @ 7:40am

True, for now, but ....
I don't support encryption backdoors. But the argument that "going dark is a convenient lie" is only true in the short term, isn't it?. I assume that Apple's already working on plugging whatever holes are allowing these cracking tools to work. So, their usefulness will be short-lived, I expect.
[ link to this | view in thread ]
JoeCool (profile), 16 Apr 2018 @ 7:47am

Re:
I'd imagine Apple bought one on the sly and has their engineers looking at it. If they were smart, they have.
[ link to this | view in thread ]
Anonymous Coward, 16 Apr 2018 @ 7:50am

Re: Interesting
They also destroyed their own personal phones and HDD. This other phone was a company phone. In the end, there wasn't anything on it. They already got any data on Apple's iCloud account. Apple does have the keys for that and does hand out that data.

This is another case where you should be using a longer passcode and turn on auto-wipe after so many failed attempts. A 4 digit code they can brute force pretty quickly, even 6 digits, doesn't take much longer.

You do notice all this talk about breaking into iPhones, yet never hear about trying to breaking into Android phones. Seems security on those are a joke.
[ link to this | view in thread ]
Anonymous Coward, 16 Apr 2018 @ 7:54am

Re: True, for now, but ....
The whole going dark is a joke. People are throwing in Amazon Echo's and Google Home Devices so they the GOvernment doesn't even have to go into your house and plant mics, you're doing it to yourself. You have Camera's, which many of them they can gain access to.

If anything, they can spy on people easier these days than ever before. Going dark is a myth. Besides. 99% of the population shouldn't give up their privacy, for the 1% of criminals they're after.
[ link to this | view in thread ]
Anonymous Coward, 16 Apr 2018 @ 7:57am

Re: True, for now, but ....
No, it's true in the long term as well. There will always be an exploit. Tech is only as good as the humans that make it and humans are error prone and routinely make mistakes. Not to mention there is no way to test every conceivable possible chain of events that makes some of these exploits viable. Patch one exploit and eventually someone will come up with a new one to take its place.

There will always be a way in. The question is, will it be a door with a bright neon sign saying "I'm an easy target!" with a simple padlock on it, or will it require the equivalent of an Ocean's 11 or Mission Impossible team, people with highly specialized skills and access to resources that your common thief and script kiddie doesn't?
[ link to this | view in thread ]
Anonymous Coward, 16 Apr 2018 @ 7:59am

Re: True, for now, but ....
The future is only "dark" in relation to the last 10 years. Before that, all this data that the FBI wants simply didn't exist. Conversations were ephemeral, unless the phone was already tapped or the location was already bugged. People did not have photos of every waking hour, and did not create tens or hundreds of written messages per day. Most people were not saving unimportant decade-old data.
[ link to this | view in thread ]
JEDIDIAH, 16 Apr 2018 @ 8:12am

Ever brag about how any DRM will be defeated?
This is the flip side of smugly declaring that no content protection mechanism like DRM will ever survive being attacked by a planet of hackers. The same principle applies to whatever is protecting your own personal files and your own personal communications.
[ link to this | view in thread ]
JEDIDIAH, 16 Apr 2018 @ 8:14am

Re: Re: True, for now, but ....
Once the lock is broken, it's broken for everyone. You can't just selectively let the "white hats" in and nobody else.

Everyone will be invited to the party at your house.
[ link to this | view in thread ]
Anonymous Coward, 16 Apr 2018 @ 8:18am

Cracking an iPhone is easy
Go to the top of a tall building. Lean out over the railing. Yell "Look out below!" Drop iPhone over the railing. Climb down to sidewalk and retrieve cracked iPhone. Simple. Easy. Takes a few minutes, and no special skills or tools. For those in a particular hurry, a hammer can be used instead of a sidewalk, but care must be taken to strike the phone instead of the surrounding surface.
[ link to this | view in thread ]
Anonymous Coward, 16 Apr 2018 @ 8:50am

Re: Ever brag about how any DRM will be defeated?
Kerckhoffs's principle suggests otherwise: "A cryptosystem should be secure even if everything about the system, except the key, is public knowledge."

What DRM system has ever survived that? Lots of crypto algorithms have.

Obviously Apple needs to keep it in mind too. Their security code should have never been secret (it was recently leaked).
[ link to this | view in thread ]
Anonymous Coward, 16 Apr 2018 @ 8:53am

Re: Cracking an iPhone is easy
You are technically correct—the best kind of correct.
[ link to this | view in thread ]
Anonymous Coward, 16 Apr 2018 @ 9:09am

Re: Cracking an iPhone is easy
s/tall building/coffee table
[ link to this | view in thread ]
Anonymous Coward, 16 Apr 2018 @ 9:11am

Re: Ever brag about how any DRM will be defeated?
DRM has a fatal flaw compared to other encryption systems, the person you want to keep out is also the person you want to give the decrypted contents to.
[ link to this | view in thread ]
Anonymous Coward, 16 Apr 2018 @ 9:28am

Re: Re: Interesting

This is another case where you should be using a longer passcode and turn on auto-wipe after so many failed attempts. A 4 digit code they can brute force pretty quickly, even 6 digits, doesn't take much longer.

There's a retry timer that makes bruteforcing take a long time (doubling on each retry, so 2^1000 seconds for a 4-digit code). If they can get around that, they can get around "auto-wipe" too; they're both features implemented in the firmware, because they're no physical basis for either (i.e., the electrons are there, and with enough work the data they represent can be copied into hardware that gives unlimited fast retries).

Apple has tried to make it difficult to copy the data, so far with limited success. Look at the history of satellite smartcard hacking to see the future of this.
[ link to this | view in thread ]
Anonymous Coward, 16 Apr 2018 @ 9:43am

Re: Re: Re: True, for now, but ....
Sorry for the confusion, I'm arguing for strong encryption (not "responsible" encryption). My comment was replying to the AC's assumption that long term devices will go dark. That's the idea but will never happen in reality as there will always be an exploit someone missed to take advantage of.

The door with the bright neon sign over it is representative of the encryption backdoors the FBI wants tech companies to put in. While the other option represents a lot of time and effort put in by dedicated hackers or state actors to try and find a way to break into a strongly encrypted device/system that may or may not be known or exist. One is dumb and stupid, the other is sadly a fact of life and tech development.
[ link to this | view in thread ]
Ninja (profile), 16 Apr 2018 @ 11:15am

Even if 'going dark' was a real problem it wouldn't justify breaking encryption. Go do your goddamn investigative jobs.
[ link to this | view in thread ]
btr1701 (profile), 16 Apr 2018 @ 11:47am

Re: Re:
I'd hate to be the local PD that dropped $30,000 of its budget on one of these things only to have Apple fix the vulnerability a week later.

Now the chief has a $30,000 paperweight for his desk.

Next thing: Suing Apple and trying to hold them liable for damages for fixing exploits in their own software because it bricks these expensive work-arounds the cops are spending so much money on.
[ link to this | view in thread ]
Anonymous Coward, 16 Apr 2018 @ 12:59pm

Re:
Now thats where they have really gone dark, by alienating communities and losing the low level intelligence they got when cops lived in the communities they policed.
[ link to this | view in thread ]
Ray Trygstad (profile), 16 Apr 2018 @ 1:28pm

Has Apple bought one?
There’s the real question...has Apple bought one of these things?
[ link to this | view in thread ]
David, 16 Apr 2018 @ 4:00pm

That's still going dark
Light means you can look where you want to and see. It doesn't mean you can ask a judge to sign off on payment for flashing a light at a particular spot. This is mostly useless for mass surveillance and makes circumventing the Fourth Amendment (which declares darkness the default for government agencies rifling through personal assets) unreasonably cumbersome.
[ link to this | view in thread ]
SteveMB (profile), 16 Apr 2018 @ 6:37pm

Targeted Investigation vs Mass Surveillance
There are all sorts of ways to get into private files if you're willing to expend time and effort -- hacks like GreyKey, spyware to caputre inputs and outputs outside the encryption envelope, hidden shoulder-surf cameras, etc.

There is thus no real "going dark" problem for the sort of *limited* access based on *individual suspicion* that the police are *supposed* to be doing. The problem is that the police want to be able to spy on everybody, and these techniques simply don't scale up sufficiently to enable that.
[ link to this | view in thread ]
Yoda, 16 Apr 2018 @ 6:57pm

“Fear is the path to the dark side.
Fear leads to anger, anger leads to hate, hate leads to suffering. I sense much fear in you.”
[ link to this | view in thread ]
Uriel-238 (profile), 17 Apr 2018 @ 12:06am

Mass surveillance
It means an agency or precinct that buys the full version can run it on any iPhone on any detained individual they come across, and if it yields access to their online accounts, all their emails, social networking and contacts.

This can runaway into mass surveillance pretty fast.
[ link to this | view in thread ]
Anonymous Coward, 17 Apr 2018 @ 1:59am

Perception Problem
"Not that relegating it to 'good' law enforcement agencies is necessarily a huge improvement."

Remind me again, which are the "good" ones?
[ link to this | view in thread ]
Anonymous Coward, 17 Apr 2018 @ 9:32am

Let em in I say
Just makes the needle in the Haystack that much harder to find .
The Show must go on yes ?
No one no where is truly safe
Once they zero in on anyone person said persons life is basically over as they have hoovered up so much information they just need a target to unleash on.

Its like getting caught speeding , everyone does it just sucks to be you when randomly caught ,except here its not random when they target you and there is no fine and you go on your merry way .

So little hamsters keep going round on the wheel and
be ignorant of everything else out side your cage
cause your just where they want you to be ........
chasing that cheeze
[ link to this | view in thread ]
Anonymous Coward, 17 Apr 2018 @ 12:31pm

Re:
You're an idiot.
[ link to this | view in thread ]
FBI, 17 Apr 2018 @ 6:28pm

The more they overthink the plumbing, the easier it is to stop up the drain.
[ link to this | view in thread ]