This is how law enforcement uses GrayKey devices to access locked iPhones

By Oliver Haslam
published

iPhone X passcode screen
iPhone X passcode screen (Image credit: iMore)

What you need to know

  • A support document for the device police use to unlock suspects' iPhones has been seen by Motherboard.
  • The GrayKey devices can unlock iPhones even when they're locked using an alphanumeric passcode and turned off.

Instructions on how to brute force and then extract data from an iPhone – including the latest iPhone 12 – using a GrayKey device have been seen by Motherboard and it's just as grim as you might think.

Procured via a freedom of information request and seemingly written by the San Diego Police Department, the document details what police can and cannot do with a GrayKey device – so long as they have a legal right to do so of course.

The instructions describe the various conditions it claims allow a GrayKey connection: the device being turned off (known as Before First Unlock, or BFU); the phone is turned on (After First Unlock, or AFU); the device having a damaged display, and when the phone has low battery.

The document goes on to state that the agent used to unlock an iPhone can be installed even when the device has "2 to 3% battery life" left.

The use of an alphanumeric passcode is thought to be one way to try and scupper GraKey's ability to brute force a device, but that likely isn't the case if real-world words are used. Instead, a mishmash of random letters and numbers generated by a password manager would be a better option.

One section of the instructions also describes how to brute force an alphanumeric passcode. Many iPhone users have purely numerical passcodes, only made up of numbers. An alphanumeric passcode also uses letters, so has more characters options, and can generally be more resilient to brute force attempts if it uses a random series of characters. If the device uses an alphanumeric passcode containing real words however, that may make cracking the passcode easier thanks to word lists; long lists of human readable words.

You can read more about what Motherboard saw in the original Vice piece and it's interesting reading for anyone who is concerned about law enforcement's potential access to their devices and data.

Apple is in a constant cat-and-mouse chase with devices like the GrayKey as it tries to ensure that data held on iPhones and iPads is as safe as possible. It's something that has drawn the ire of law enforcement officials before, with Apple itself often unable to access the data living on encrypted iPhones.

A locked and turned-off iPhone is the best iPhone in terms of security, but even then it seems GrayKey might be able to find a way in.

Oliver Haslam
Oliver Haslam
Contributor

Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more. He has also been published in print for Macworld, including cover stories. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too.

Having grown up using PCs and spending far too much money on graphics card and flashy RAM, Oliver switched to the Mac with a G5 iMac and hasn't looked back. Since then he's seen the growth of the smartphone world, backed by iPhone, and new product categories come and go. Current expertise includes iOS, macOS, streaming services, and pretty much anything that has a battery or plugs into a wall. Oliver also covers mobile gaming for iMore, with Apple Arcade a particular focus. He's been gaming since the Atari 2600 days and still struggles to comprehend the fact he can play console quality titles on his pocket computer.

2 Comments
  • What if my lightning port is filled with epoxy?
  • If you are worth it, open the phone up and connect to the motherboard.