
Some U.S. law enforcement agencies are using GrayKey to bypass iPhone encryption - _o_
https://motherboard.vice.com/en_us/article/vbxxxd/unlock-iphone-ios11-graykey-grayshift-police
======
rwbt
> Grayshift has been shopping its iPhone cracking technology to police forces.
> The firm, which includes an ex-Apple security engineer on its staff,
> provided demonstrations to potential customers, according to one email.

Wow. That's very sleazy.

~~~
josefresco
Hacker News: Hack everything!

Hacking Company: We've hacked the iPhone and are selling the tech to law
enforcement.

Hacker News: Evil! Sleazy!

~~~
wool_gather
You keep using that word. I do not think it means what you think it means.

Hacker News: Hack everything!

_Crack_ing company: We've _cracked_ the iPhone and are selling the tech to
law enforcement.

Ref: [http://www.catb.org/jargon/html/meaning-of-hack.html](http://www.catb.org/jargon/html/meaning-of-hack.html)
[http://www.catb.org/jargon/html/C/cracker.html](http://www.catb.org/jargon/html/C/cracker.html)

~~~
da_chicken
I'm sorry, but it's no longer the 1980s. In plain English, hacking now means
"gain unauthorized access to a computer." You may not like it, but English is
defined by usage, not whatever culture the one-time jargon was inherited from.

~~~
wool_gather
Regardless, the point is that the parent's satirical accusation of hypocrisy
is invalid because it's using the same word "hack" for two very different
meanings.

~~~
da_chicken
I mean, yes, that was the joke.

~~~
josefresco
This guy gets it.

------
outworlder
That 15k (or 30k) box looks like it is slightly more polished than an Arduino
case straight from the likes of DigiKey.

It wouldn't look out of place in the 80s. The LEDs in particular would fit
right in.

I would not be surprised to find an actual $1 microcontroller driving this.
Or to find out that the box wasn't really required at all, and that during
development the software ran on a normal laptop, but they needed a physical
product to charge the big bucks...

~~~
sterlind
GPS, 2-factor auth and probably additional tamper-proofing are packaged in the
enclosure. GrayKey's value drops to zero the moment the exploit is unearthed;
I suspect the black box mostly provides safeguarding.

Though, one wonders whether a simple tap on the lightning cable couldn't spill
the device's secrets.

~~~
nikanj
It's somewhat amusing that their business model, i.e. "we break software
protections", is 100% dependent on their own software protections working.

------
1024core
> FBI Director Christopher Wray recently said that law enforcement agencies
> are “increasingly unable to access” evidence stored on encrypted devices.

> Wray is not telling the whole truth.

I wish there was some punishment for government officials for lying to the
public. You can be prosecuted for lying to the FBI, so why shouldn't they be
prosecuted for lying to you (the voter, who is supposed to have the power in a
democracy)?

~~~
stronglikedan
I would guess it's to reduce the amount of frivolous accusations by people who
only _think_ they were lied to or simply disagree. I would imagine that most
government officials would spend their day fighting off these accusations,
with no time for their official duties.

~~~
acct1771
I'd rather their time be taken up by explaining shit in court as opposed to
making backdoor deals.

------
Operyl
Some more fun information here: [https://blog.malwarebytes.com/security-world/2018/03/graykey...](https://blog.malwarebytes.com/security-world/2018/03/graykey-iphone-unlocker-poses-serious-security-concerns/)

It looks like it runs third party code on the device. Only needs to be
connected to the black box for two minutes and then unplugged for the
remainder of the process.

------
dre85
I've always wondered about the legalities of such things. How is it okay for a
company to legally sell a hack of another company's technology? Is it because
they only sell to the police? If this is okay, then where is the actual limit?
Can they sell hacked access to a company's servers for example?

~~~
tinus_hn
This isn’t really a hack, it’s just a tool for brute forcing pin codes. It
doesn’t work if you have an alphanumeric code or a very long pin code.

~~~
briffle
But doesn't that still violate the DMCA that prohibits working around access
control technology?

~~~
manjushri
It does seem to violate the CFAA.

[https://en.m.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act](https://en.m.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act)

------
xevb3k
From the article, it seems to be a passcode bruteforcing tool. They state in
the article 3 days or longer for a 6 digit passcode. Which I assume means 3
days for a 4 digit code. That’s about 26 seconds per guess.

So if you care about securing against this, use a longer passcode (and
alphanumeric) is the message I guess.

~~~
hardwaresofton
Isn't there a setting for wiping the device if the wrong password is entered X
times?

~~~
manicdee
This device pranks the hardware to allow unlimited attempts at guessing the
password.

I don’t know the details: is it as simple as grounding the “password entered
incorrectly” pin? Or is it about injecting so much noise on a signal line that
the message to increment the PIN attempt count never gets through? I don’t
know.

So use a passphrase, not a PIN.

~~~
wool_gather
Last year someone demonstrated the possibility of dumping and restoring the
state of the security hardware in between entry attempts, so that the phone
always thought you were on your first try. I assume this is the technique
being used by the GrayKey.

EDIT: Pretty sure this is the one I'm thinking of:
[https://www.digitaltrends.com/mobile/cambridge-researcher-ha...](https://www.digitaltrends.com/mobile/cambridge-researcher-hacks-iphone-security-off-the-shelf-equipment/)

I guess it was two years ago.

------
iainmerrick
I wonder if they have any process in place to prevent Apple buying one of
these and figuring out how it works.

I would guess Apple already has one. But if they’ve tried to get one, and been
foiled somehow, there must be a fascinating cloak-and-dagger story there that
we’ll probably never hear...

~~~
Shivetya
Well, I am curious what the break time on longer passwords is. They made claims
against four and six character passcodes, but my employer already requires
longer if we are to receive corporate mail.

~~~
haZard_OS
I have never worked for a company that requires less than 8 characters for a
password. Most have required 10 characters (or more), with at least one
numeral, one special character, one uppercase letter, and one lowercase
letter.

------
moomin
Absent this whole article is the fact that there are good reasons for
criminals to want to crack your phone. These developments just make it more
likely your personal information and, frankly, cash can be stolen by anyone
who swipes your phone.

~~~
kafquaesque
This is one of the best points I have read. Without the community knowing how
he is doing it, it can be used maliciously.

There are extremely good reasons for police officers to want access to an
iPhone (which could be time dependent). At the same time there’s a lot of
potential for misuse of the ability to gain access by agencies or malicious
actors.

It’s a trade-off. I err on the privacy side of the issue because things can be
misconstrued in a legal setting. I can see why some people don’t have the same
viewpoint and lean the other way.

------
fredsir
I for one am glad I started using 25 character passwords 3-4 years ago. I just
wonder how long it will be before that is not good enough either. Surely in my
lifetime. And what's next? 50 character passwords? One hundred characters?
10-factor authentication?

~~~
TN412
If we ever get to 50 or 100 character passwords I don't think passwords will
be the norm anymore. Perhaps facial recognition, but I think a better option
is on the horizon.

~~~
pixl97
Your face is not a secret.

------
caf
I wonder if Grayshift have joined the MFi program to license the patents to
the Lightning connector...

------
emilfihlman
It's probably in Apple's best interest to let this firm operate. It might even
be a long-term strategy for them. It relieves pressure from them and keeps
law enforcement happy.

------
zanedb
> Malwarebytes’ post says GrayKey can unlock an iPhone in around two hours, or
> three days or longer for 6 digit passcodes.

So couldn't you avoid this by, say, having a longer PIN? Maybe even a
password?

~~~
SomewhatLikely
And couldn't Apple defend against this by using an exponentially increasing
wait period between guesses? Probably after some number of guesses with no
delay, say 10 guesses.

~~~
nielsbot
They already do that--but this box somehow bypasses that security measure.
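
As an added illustration (not code from the thread or from any of the commenters), the following Python script does the arithmetic behind the passcode estimates above and behind the exchange about exponential delays: it recovers the per-guess time from the "3 days for a 4 digit code" inference, sizes the keyspace for a few passcode policies at that rate, and compares the same 4-digit search with and without a capped exponential back-off between attempts. The 26-second rate, the delay schedule (10 free guesses, then a 1 s delay that doubles up to a 1-hour cap) and the policy list are assumptions chosen for illustration, not Apple's documented values.

```python
"""Added example (not from the thread): passcode brute-force time estimates.

Assumptions, chosen for illustration only:
  - ~26 s per guess, the rate a commenter inferred from "3 days for 4 digits"
  - an escalating-delay policy of 10 free guesses, then a 1 s delay that
    doubles after every further wrong guess, capped at one hour
"""

SECONDS_PER_GUESS = 26.0          # assumed per-guess time (see docstring)
SECONDS_PER_DAY = 86_400.0
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

# Constructed passcode policies: (label, alphabet size, length)
POLICIES = [
    ("4-digit PIN", 10, 4),
    ("6-digit PIN", 10, 6),
    ("8-char alphanumeric", 62, 8),        # a-z, A-Z, 0-9
    ("12-char alphanumeric", 62, 12),
]


def seconds_per_guess_from_claim(days: float, alphabet_size: int, length: int) -> float:
    """Recover the implied per-guess time from a 'worst case N days' claim."""
    return days * SECONDS_PER_DAY / alphabet_size ** length


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passcodes for a fixed length and alphabet."""
    return alphabet_size ** length


def worst_case_seconds(alphabet_size: int, length: int,
                       seconds_per_guess: float = SECONDS_PER_GUESS) -> float:
    """Time to exhaust the keyspace with no delay enforced between guesses."""
    return keyspace(alphabet_size, length) * seconds_per_guess


def escalating_total_seconds(n_guesses: int, free_guesses: int = 10,
                             base_delay: float = 1.0, factor: float = 2.0,
                             max_delay: float = 3600.0) -> float:
    """Cumulative enforced wait across n_guesses attempts under a capped
    exponential back-off: no delay for the first free_guesses, then base_delay,
    multiplied by factor after each further wrong guess and never exceeding
    max_delay. The per-guess work time itself is not included here."""
    total = 0.0
    delay = base_delay
    for i in range(n_guesses):
        if i >= free_guesses:
            total += delay
            delay = min(delay * factor, max_delay)
    return total


def policy_report(seconds_per_guess: float = SECONDS_PER_GUESS) -> list:
    """(label, keyspace, worst-case days) for each constructed policy."""
    return [
        (label, keyspace(a, n),
         worst_case_seconds(a, n, seconds_per_guess) / SECONDS_PER_DAY)
        for label, a, n in POLICIES
    ]


if __name__ == "__main__":
    rate = seconds_per_guess_from_claim(3, 10, 4)
    print(f"implied rate from '3 days for 4 digits': {rate:.2f} s/guess")
    for label, size, days in policy_report():
        shown = f"{days:,.1f} days" if days < 1000 else f"{days / 365.25:,.0f} years"
        print(f"{label:22s} keyspace={size:>24,d}  worst case ~{shown}")
    plain = worst_case_seconds(10, 4) / SECONDS_PER_DAY
    delayed = (worst_case_seconds(10, 4) + escalating_total_seconds(10_000)) / SECONDS_PER_DAY
    print(f"4-digit PIN, no back-off: ~{plain:.1f} days; with capped back-off: ~{delayed:.0f} days")
```

The back-off comparison only holds while the attempt counter and delay state survive each try; the point made above that the box bypasses that measure is exactly why the passcode length and alphabet, which the tool has to search blind, are the setting the user actually controls.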

------
qume
I thought the iPhone has a delay after a few attempts at the secure enclave
level?

I wonder if this is doing some sort of timing or voltage related validation of
the code without needing to actually submit it. I.e. the equivalent of
1234, backspace, 5, backspace, 6 etc. without sending whatever is the equivalent of
'submit'.

------
micro-ram
What about the requirement to run signed code from power on?

------
forapurpose
Most key bits are below; there's much more in the article and in the article's
links.

> GrayKey can unlock an iPhone in around two hours, or three days or longer
> for 6 digit passcodes

> 'GrayKey' ... can break into iPhones, including the iPhone X running the
> latest operating system iOS 11.

> The device comes in two versions: a $15,000 one which requires online
> connectivity and allows 300 unlocks (or $50 per phone), and an offline,
> $30,000 version which can crack as many iPhones as the customer wants.

