Recently, we talked about how the police were beginning to adopt powers that would allow them to skim data from your smartphone, without the need for a warrant. Most of our readers were shocked by this revelation, with a few people questioning how this could be possible. Below, we’ll look more in depth into one example of such technology that’s making this possible for a growing number of police forces and other authorities. Although this isn’t the unit being used by every police force, it’s just an example of what can be done with a suspect’s phone.
More about the technology
Though it may not be the only piece of kit available to forces, one of the most heavily used pieces of technology being utilised by a growing number of police agencies in the United States is the 'GrayKey' box. This device is compatible with nearly all iPhone smartphones, including those running the latest operating systems (iOS). The equipment consists of a small, 4×4 diameter box, with 2 lightning cables protruding from its chassis; these are the standard type of cable used to connect to and charge an iPhone, or to transfer data between them and a computer.
Developed by a company called Grayshift, who are based in the American state of Atlanta, there are two distinct variations available. The more expensive of the two, which costs a little over £10,000, is limited to requiring an internet connection, as well as only allowing 300 uses. However, the more expensive model, standing at a little over £20,000, has unlimited use and doesn't need to be connected to the internet.
How the technology works
Using the two lightning cables built into the box, police can work on two devices at any one time. The process involves connecting an iPhone to one of the cables. If your iPhone is locked with a six-digit PIN code, then it could several days for the machine to break through security. However, if you're only using a four-digit PIN number, then your device could be unlocked in as little as a couple of hours.
Though the box only has 2 cables, the potential is there to unlock a great deal more devices simultaneously, as after 2 minutes, the phones can be disconnected and the hacking software will run remotely on the phone. This means that a police force could break into many devices in a short space of time – for example, the 24 hours that they can legally hold somebody without charge.
One the attempt has completed, the phone will display a raft of data on a black screen, which can be read by whoever is in the possession of the device. Among this technical data will be your personal PIN code, which can be used to unlock the device. This is different to the models being used in the UK at the moment, which purportedly extract your device data, in that the GrayKey allows somebody to directly browse through your phone as if they were you.
Are the police truly using this technology?
Since Apple refuse to help unlock phones that belong to the victims or suspects of a crime, or even the phones of relatives who have passed away, there’s little that can be done in a legitimate way to try and gather data from a smartphone. This is the reason that some forces have already turned to technology like the GrayKey. It’s a constant cat and mouse game that will continue for as long as Apple keep patching these loopholes, and hackers keep looking for new ones to exploit.
Though this piece of kit hasn’t yet graced UK shores – as far as we are aware – it may only be a matter of time until the equipment becomes available for UK agencies. What’s more, as per our previous article, some form of this technology is already in use by a number of UK-based police forces.
Across the pond, many US state police forces have already adopted the technology, and although according to website 'Motherboard', the FBI refused to disclose whether they had purchased GrayKey technology, documentation leaked by the agency revealed a request for quotation to purchase several of the devices.
Am I at risk?
These types of phone-cracking devices are a clear example of how your phone and the privacy of your data can be breached without your permission. As we discussed in our previous article on this issue, you have nothing to worry about from a legal point of view if you’ve not committed a crime. That said, technology such as the GrayKey is theoretically not limited to authorities and could be used by any hacker wanting to break into an iPhone, providing they could gain access to the equipment.
Your safest bet is to use as long a PIN code as Apple permits, which is currently six-digits; in the future, they may increase this. You should also keep your iPhone up-to-date with security patches for iOS, as it’s likely only a matter of time until Apple apply a security patch to prevent this type of device cracking.
If you’re concerned about your security and would like to discuss it with an expert, then you can contact an agent at WiseGuys on 0808 123 2820.