The DEA Says It Wants that New iPhone Unlocking Tool ‘GrayKey’
March 29, 2018 in News by RBN Staff
Source: Motherboard
After sourcing Cellebrite’s Apple unlocking service a number of years ago, the DEA is now looking to buy an iOS 11 cracking product from Grayshift.
By Joseph Cox
Image: Malwarebytes
This is part of an ongoing Motherboard series on the proliferation of phone cracking technology, the people behind it, and who is buying it. Follow along here.
Everyone from local cops to federal agencies have already bought the so-called GrayKey, a device that can unlock and bypass the encryption on up to date iPhones. Now, the Drug Enforcement Administration (DEA) has said it wants to get ahold of the tech too, according to online records reviewed by Motherboard.
The news comes just after the Office of the Inspector General (OIG) of the Department of Justice released a report saying the FBI did not fully explore its technical options for breaking into a device belonging to one of the San Bernardino terrorists in 2016, possibly the most famous case of a locked and encrypted iPhone.
The DEA is seeking a “lawful access iOS device unlock tool,” according to a listingposted earlier this month on a website providing federal business opportunities for contractors. The listing then specifically names the GrayKey technology.
Grayshift, the company behind GrayKey, provides two different versions of the product: an online model for $15,000 which provides 300 unlocks, and an offline version for $30,000 with unlimited uses. The DEA is looking for the latter, according to the listing.
According to marketing material obtained by Forbes, GrayKey can unlock iOS devices running Apple’s latest mobile operating system iOS 11. Indeed, according to a specification sheet posted alongside the DEA’s request, the device should support unlocking of Apple iOS 9, 10, and 11, as well as iPhones up to the most recent X model. The GrayKey equipment itself is a small, four-by-four box, with two lightning cables for connecting iPhones, according to photos published by cybersecurity firm Malwarebytes.
Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.
Like many law enforcement agencies, the DEA has encountered issues when trying to access locked and encrypted iOS devices, including in a 2016 drug case. That same year, a listing from the DEA shows it sourced an Apple product unlocking service from established forensics firm Cellebrite. That service, however, was estimated to cost around $250,000, according to an accompanying document.
As Motherboard has found over the last few weeks, the Indiana State Police has already purchased GrayKey, intending to use the device for investigating crimes against children and murders; and the State Department seemingly bought the toolfor its Bureau of Diplomatic Security.
The DEA notice asks relevant contractors to get in touch, but Grayshift is likely the only company that could provide the GrayKey product. Motherboard previously obtained a Sole Source Letter Grayshift sent to the Indiana State Police, in which the company said it was the only firm that sold the technology.