Police can now access your iPhone without your help

A newly developed tool aimed at cracking the code of Apple iPhones is being pursued or already in the hands of several Bay Area law enforcement agencies. While facial recognition, fingerprint and passcodes may seem secure, there’s a new way for police to get around it.

GrayKey was developed by Georgia-based GrayShift in 2017 and, according to company documents, is capable of unlocking any iPhone, even those that are disabled or those that have the newest versions of iOS software.

The technology and device was born out of controversy over whether or not the government should be allowed to break into phones to gain access to personal information. Following the 2015 attack by two terrorists in San Bernardino that left 14 dead at a social services center, focus shifted to who knew, including the contacts, communications and content contained on one of the shooter’s phones. Both shooters were killed by police. The FBI pressed Apple to unlock the phone to get access, but the company refused. Ultimately, the FBI paid a third party that figured out how to break into the phone.

Since then, phone security has evolved, however, so have the latest hacking tools. Among the newest is GrayKey, which promotes a mission of supporting local, state and federal government agencies by ‘removing barriers.’

Some civil rights advocates have protested against these types of tools feeling under attack of privacy rights and fearful the technology could slip into the wrong hands.

“Today’s law enforcement tool will become tomorrow’s criminal tool.” Jeremy Gillula with the Electronic Frontier Foundation said. “What they’re doing isn’t the best for everyone’s security,” 

According to GrayShift documents, GrayKey is the ‘next general digital forensic access tool’ that successfully unlocks Apple devices like iPhones and iPads. The small box appears to have two lightning cables that plug into iPhones and eventually a passcode will be displayed on the phone screen. The files can then be downloaded onto the GrayKey and accessed by computer, a report by Malwarebytes uncovered.

Records requests submitted by 2 Investigates to a dozen Bay Area law enforcement agencies proved that one third either have or are planning on purchasing a GrayKey.

California Highway Patrol has had a device since May. The annual license costs roughly $15,000 a year and can be used up to 300 times to crack a cell phone’s code. CHP turned down a request for an interview but said GrayKey is “critical to access information” and is “used for all levels of criminal activity.” So far, CHP said it has used the GrayKey device to unlock at least 75 Apple devices.

San Jose Police Department bought two GrayKey licenses for the next year and has had two devices since May costing taxpayers $27.000. 

San Mateo Sheriff’s Office also has a GrayKey and the district attorney explained it has already been used in a couple of cases.

Santa Clara County is planning on paying $15,000 a year for a subscription and device after receiving a few quotes for the same type of unlocking technology.

“There should be a community input process so that the community can say yes or no, this is or isn’t a good use of our police resources,” Gillula said.

Some prosecutors told 2 Investigates a warrant is necessary in order to legally use the GrayKey, however, not all law enforcement agencies responded as to whether or not a court order was required.

Apple is actively updating software to fix its security vulnerabilities, as GrayShift is also advancing with a plan to give people equal access to personal information. Neither Apple nor GrayShift responded to 2 Investigates questions regarding GrayKey.

Records show there are two other companies similar to GrayShift with a product capable of unlocking cell phones.

“It really is just this cat and mouse game,” Gillula said. “There’s no such thing as foolproof security.”