Instructions for iPhone cracking tool GrayKey have surfaced online and it appears they were written by the San Diego Police Department.
GrayKey
iPhone Hacking Company GrayKey Reinvents the Keylogger
A report from NBCNews mentions a tool from GrayKey called Hide UI, and until now has been kept secret from the public.
But another tool, previously unknown to the public, doesn’t have to crack the code that people use to unlock their phones. It just has to log the code as the user types it in.
Software called Hide UI, created by Grayshift, a company that makes iPhone-cracking devices for law enforcement, can track a suspect’s passcode when it’s entered into a phone, according to two people in law enforcement, who asked not to be named out of fear of violating non-disclosure agreements.
This is called a keylogger, and it is neither new nor revolutionary. It would be cheaper for police to use pen and paper to write down a suspect’s passcode, although there is that pesky fifth amendment.
Grayshift Increases Price as it Struggles to Hack iPhones
iOS forensics company Grayshift was forced to raise its prices last year, noting that “Forensic Access to iOS continues to increase in difficulty and complexity.”
“I think it’s going to get harder and harder to find these kinds of unlocking flaws, because Apple does control the entire stack,” Alex Stamos, director of the Stanford Internet Observatory and former Facebook chief security officer, previously told Motherboard. “I think a couple more hardware revisions of understanding the ways that these unlocks are happening and [Apple is] going to make it extremely difficult. Which then will bring this debate back…”
It’s a complex issue. On one hand it’s good news for Apple customers. On the other hand, it makes the government is fight tooth and nail to take away our security.
Here’s What Data is Accessible With Cloud Forensics
When a company like Cellebrite or GrayKey use their devices to break into your iPhone, it’s not just your local data that can be accessed. Using various types of “cloud forensics” or cloud extraction technology, they can get your data in the cloud as well. It’s a long read but worth it.
Cellebrite’s UFED Cloud Analyzer, for example, uses login credentials that can be extracted from the device to then pull a history of searches, visited pages, voice search recording and translations from Google web history and view text searches conducted with Chrome and Safari on iOS devices backed-up iCloud.
Apple Blocked GrayKey, Possibly Through Reverse Engineering
Apple has blocked GrayKey, an iPhone hacking device used by law enforcement. The company designed iOS 12 with protection against it.
Apple Confirms iOS Security Feature to Block Devices Like GrayKey
But Motherboard reports that Grayshift is confident that its device is future-proof.
Amazon Cyberpunk King, Tim's State Dinner, GrayShift Pudding - ACM 459
In this episode, Bryan Chaffin and Jeff Gamet talk about how Amazon has quietly become the Cyberpunk king. They also discuss Tim Cook’s choice of dinner companions for the White House’s state dinner, and how Grayshift’s data breach is the proof in the pudding that backdoors and cracks get mishandled.
GrayKey Underscores Why We Need Strong iPhone Passcodes
The GrayKey box is available only to law enforcement, but it’s a perfect example of why strong passcodes for our iPhones are so important.
iPhones, Strong Passcodes, and GrayKey - TMO Daily Observations 2018-04-17
John Martellaro and Andrew Orr join Jeff Gamet to talk about why longer iPhone passcodes are becoming more important, plus they discuss the GrayKey iPhone hacking device available to law enforcement.
Apple's microLED Plant, iPhone Hacking GrayKey - TMO Daily Observations 2018-03-19
John Martellaro and Bryan Chaffin join Jeff Gamet to talk about Apple’s microLED facility in California, plus iPhone security and the GrayKey hacking device.