Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Iphone Encryption IOS Operating Systems Privacy Security Software United States Apple Hardware

State Department Seemingly Buys $15,000 iPhone Cracking Tech GrayKey (vice.com) 79

An anonymous reader quotes a report from Motherboard: Grayshift, a company that offers to unlock modern iPhones for as little as $50 each, has caused a buzz across law enforcement agencies, with local police already putting down cash for the much sought-after tech. Now, it appears a section of the U.S. State Department has also purchased the iPhone cracking tool, judging by procurement records reviewed by Motherboard. Grayshift's iPhone product, dubbed GrayKey, can unlock devices running versions of Apple's latest mobile operating system iOS 11, according to marketing material obtained by Forbes. An online version of GrayKey which allows 300 unlocks costs $15,000 (which boils down to $50 per device), and an offline capability with unlimited uses is $30,000. According to a recent post from cybersecurity firm Malwarebytes, which obtained leaked details on GrayKey, the product itself is a small, four inch by four inch box, and two iPhones can be connected at once via lightning cables. Malwarebytes adds that the time it takes to unlock a device varies depending on the strength of the user's passcode: it may be hours or days. Notably, Grayshift includes an ex-Apple engineer on its staff, Forbes reported.

On March 6, the State Department ordered an item from Grayshift for just over $15,000, according to a purchase order listing available on the U.S. government's public federal procurement data system. The listing is sparse on details, putting the order under the generic label of "computer and computer peripheral equipment." But Motherboard confirmed that the Grayshift in the State Department listing is the same as the one selling iPhone cracking tech: the phone number of the vendor in both the purchase order and documents Motherboard previously obtained detailing a GrayKey purchase by Indiana State Police is the same. The "funding office" for the Grayshift purchase was the Bureau of Diplomatic Security, according to the procurement records. The Bureau acts as the law enforcement and security arm of the State Department, bearing "the core responsibility for providing a safe environment for the conduct of U.S. foreign policy," the State Department website reads.

This discussion has been archived. No new comments can be posted.

State Department Seemingly Buys $15,000 iPhone Cracking Tech GrayKey

Comments Filter:
  • by Joe_Dragon ( 2206452 ) on Monday March 26, 2018 @08:05AM (#56327351)

    apple will just drop lightning cables in next phone

  • by mark-t ( 151149 ) <markt AT nerdflat DOT com> on Monday March 26, 2018 @08:15AM (#56327389) Journal
    What does it mean for a passcode to be particularly strong or weak when the passcode must be all digits and must be some fixed number of digits long?
    • by Anonymous Coward

      iOS allows indeterminant length pass phrases, you simply need to change a setting

    • by kilfarsnar ( 561956 ) on Monday March 26, 2018 @08:33AM (#56327461)

      What does it mean for a passcode to be particularly strong or weak when the passcode must be all digits and must be some fixed number of digits long?

      It means that for the passcode to be stronger it needs to be longer. There is not a fixed number of digits, and the phone can be set to require you to tap OK after typing the passcode, so the number of digits cannot be determined.

      • by AmiMoJo ( 196126 )

        Does it randomize the position of the numbers on the screen, to prevent finger smudge attacks?

        • Does it randomize the position of the numbers on the screen, to prevent finger smudge attacks?

          Not that I'm aware of. But the phone screen is generally all smudged up, IMO. So seeing just prints over the relevant numbers is unlikely.

    • by Anubis IV ( 1279820 ) on Monday March 26, 2018 @08:43AM (#56327503)

      I take it you’re unaware that alphanumeric passcodes have been supported since iOS 4? In iOS 11, you just need to tap the rather obviously named Passcode Options button when you go to change your passcode to bring up the options for formats other than the six-digit default.

      • by mark-t ( 151149 )

        I have an iPhone6+, running iOS11 and I cannot find anything called "passcode options" anywhere on my phone. The only thing that is even close to that is "passcode settings" in the guided access settings under accessibility, and that is a 6-digit password as well.

        Could you tell me where, exactly, this option is supposed to be, because even the search function on my phone isn't finding anything like what you describe?

        • Lol, it's the first google hit for alphanumeric passcode ios11 [bgr.com]
        • by registrations_suck ( 1075251 ) on Monday March 26, 2018 @09:06AM (#56327597)

          Change your passcode.

          On the "Enter your new passcode" screen, there is a link called "Passcode Options". Click that.

          You then have three choices to choose from:
          1). Custom Alphanumeric Code
          2). Custom Numeric Code
          3). 4-Digit Numeric Code

    • by mi ( 197448 )

      the passcode must be all digits

      WTF? Even if there ever was, there is no such requirement today. Mine has letters — and, wow, not all of them even from the Latin alphabet...

      must be some fixed number of digits long?

      Another falsehood...

    • Others mention the length, but also remember that the distribution of digits is not uniform for pass codes-- 0, 1, 2 have the highest rate of occurrence, so if you are brute forcing you emphasize those numbers more. There is a good probability that out of six digits no more than two are 4-9, after you exhaust common keyboard patterns.

  • by InvalidsYnc ( 1984088 ) on Monday March 26, 2018 @08:29AM (#56327439)

    ...and then it will use it to determine how it is cracking the login, and then they will fix it, and the security will be even stronger for Apple. Sounds like a good deal. :P

    • by Anonymous Coward

      This tool isn't completely new. The fact that Apple didn't address the issue yet says that the security hole isn't that easy to deal with.

      • ...Or, it says that the company making the thing vets all potential customers to make sure that they don't torpedo their meal ticket by selling to a). criminal organizations, or b). security groups who would tattle to Apple.

        Apple's probably going to have to figure this one out the old fashioned way.

        • Apple's probably going to have to figure this one out the old fashioned way.

          By buying it through a shell company?

    • Which is why it makes sense to order the $15000 limited use device rather than the more expensive unlimited device, even if you have more than 300 phones to unlock.

  • by Dorianny ( 1847922 ) on Monday March 26, 2018 @08:33AM (#56327459) Journal
    Its obvious that they must have found an exploit that allows them to bypass the number-of-attempts security mechanism. I wonder if this is handled in IOS or if it is a more serious Security Enclave bug.
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Besides the Israeli and Russians who had it out years before. Service was easy in Thailand. A backdoor exploit must be non obvious. using the port not the screen is still obvious.Placing a logic analyzer in series with the connections is still obvious. It makes sense to impose a scramble box, then send to a 2nd iPhone. My bet is a memory dump occurs, and then is brute forced. And likely a 2nd round needed to find the salt, then a transformation. This would prevent simple replay attacks, and simple copycats.

      • I thought you couldn't memory dump unless the phone unlocked to the device (as of recently, I think iOS10 or 11)?

      • Its a 4' by 4' box that is capable of working offline. Definitively no crypto brute-force going on here
  • by sqorbit ( 3387991 ) on Monday March 26, 2018 @09:09AM (#56327605)
    Has there been any verification that this software works? I've seen reports of police purchasing it,but no report it actually works.
  • So a company will crack an iPhone for 50 bucks? What does that imply about the security of financial information on a lost smartphone? Is it even easier to crack Android Phones? If a smartphone comes into possession of a theft-ring, how long does it take to crack a phone with all current security updates in place?
    • That's an interesting question. The front screen is just the first hurdle, depending on what they are trying to get to. For apps that use secondary authentication methods (fingerprint, facial scanning, DNA testing (just kidding, that doesn't come out for another couple years), etc) I don't know that they can get past that to get to say your financial institution. Would be interesting to find out if those can also be bypassed.

  • by PPH ( 736903 ) on Monday March 26, 2018 @10:46AM (#56328147)

    Why would the State Department be cracking phones? They provide neither a law enforcement nor an intelligence function.

  • Apple is being forced into a corner to provide a backdoor so this hardware hack will probably be allowed to stand. So what does this hack do? Try all possible 6 digit passcodes until it unlocks? I had heard that after "X" number of bad passcode entries that the iPhone would wipe itself, but have never found out how to set this up.
  • So...do you suppose that Apple will just buy Grayshift next, and resolve the issue? And how long before they do the same with Cellebrite?

    • Why buy the company when you can buy the device?

      • Buy the device, you might not understand why it works. Buy the company, you buy the Intelectual Property, and maybe find an engineer in there who can make your products better before they roll out the door the first time.

  • ... to the Computer Fraud and Abuse Act?

    Can't the police, FBI and State Department be charged under the CFAA every time they use this device? "Oh, but we were doing it to serve the law!" is not an excuse otherwise White Hats would be immune from prosecution.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...