An unredacted GrayKey NDA outlines instructions given to law enforcement

iPhone X passcode screen
iPhone X passcode screen (Image credit: iMore)

What you need to know

  • An unredacted version of an NDA signed by law enforcement shows never before seen details about the GrayKey device.
  • GrayKey devices, made by GrayShift, allow law enforcement to brute-force their way into locked iPhones.
  • The NDA offers details about how GrayKey can bypass USB Restricted Mode.

GrayShift is the company behind GrayKey, the device law enforcement outfits use when they need to get into a locked iPhone to gather evidence. Those police departments tend to sign non-disclosure agreements with GrayShift and one of those documents has been obtained by Motherboard. What's more, it appears to have not been redacted.

While these kinds of documents are normally heavily redacted to ensure some of their contents can't be read by people like us, this particular one appears to have been missed — giving us new insight into GrayKey's capabilities and what police departments need to do if they want to use it.

One section highlighted by Motherboard relates to GrayKey's ability to bypass USB Restricted Mode, a state that was introduced in iOS 11.4.1 that was designed to prevent devices like GrayKey from working. This was taken from a document signed by the Illinois State Police earlier this year.

"Without limiting and foregoing, you acknowledge and agree that you will not disclose the existence of any GrayKey features and solutions designed to circumvent USB Restricted Mode released in iOS 11.4.1 and updated throughout future iOS versions made available to you on or about the date hereof," one section reads. The document adds that "If this feature is utilized on one or more iOS device(s), it is of critical importance that such iOS device(s) remain in your possession and control until after the software agent has been successfully installed on the iOS device(s), and you acknowledge and agree to maintain possession and control of such iOS device(s) until such time." Generally speaking an agent is a piece of software installed on a device.

As Motherboard notes, some agencies try to prevent the public from ever knowing that they have bought GrayKey devices, with a City of Orlando law enforcement official doing exactly that in 2018. "This will prohibit Purchasing from posting notice of the purchase and disclosing acquisition of this system. This will assist in protecting our forensic examination techniques, and capabilities," they wrote when requesting that the device's purchase be made exempt from public records.

Apple continues to make tweaks to iOS and iPhones to prevent the GrayKey boxes from working, but that's a cat and mouse chase that will never end. GrayKey is generally accepted to be the best iPhone hacking tool around, and there's little Apple can do to change that right now.

Oliver Haslam

Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more. He has also been published in print for Macworld, including cover stories. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too. Having grown up using PCs and spending far too much money on graphics card and flashy RAM, Oliver switched to the Mac with a G5 iMac and hasn't looked back. Since then he's seen the growth of the smartphone world, backed by iPhone, and new product categories come and go. Current expertise includes iOS, macOS, streaming services, and pretty much anything that has a battery or plugs into a wall. Oliver also covers mobile gaming for iMore, with Apple Arcade a particular focus. He's been gaming since the Atari 2600 days and still struggles to comprehend the fact he can play console quality titles on his pocket computer.