Thomas Brewster, reporting for Forbes:
Last year, FBI investigators in Ohio used a hacking device called
a GrayKey to draw data from the latest Apple model, the iPhone 11
Pro Max. The phone belonged to Baris Ali Koch, who was accused of
helping his convicted brother flee the country by providing
him with his own ID documents and lying to the police. He has now
entered a plea agreement and is awaiting sentencing.
Forbes confirmed with Koch’s lawyer, Ameer Mabjish, that the
device was locked. Mabjish also said he was unaware of any way the
investigators could’ve acquired the passcode; Koch had not given
it to them nor did they force the defendant to use his face to
unlock the phone via Face ID, as far as the lawyer was aware. The
search warrant document obtained by Forbes, dated October 16,
2019, also showed the phone in a locked state, giving the
strongest indication yet that the FBI has access to a device that
can acquire data from the latest iPhone.
Nothing is confirmed by anyone involved — the FBI, Apple, or Grayshift (the company that makes the GrayKey) — but this sure sounds like the FBI accessed data on an iPhone 11 Pro Max using a GrayKey. Two things if this is true. First, this really puts the lie to the FBI’s claim of needing Apple’s help accessing the Pensacola shooter’s iPhones (which were older models, and thus presumably easier to crack). Second, this is the first suggestion I’ve seen that GrayKey can unlock, or somehow otherwise access the data of, Apple’s latest generation of iPhones.
More on how GrayKey works — or at least used to work — from an April 2018 link. At one point later in 2018, it was believed that bug fixes in iOS 12 stopped GrayKey from working. It’s a canonical cat-and-mouse game. Also worth noting: Grayshift co-founder Braden Thomas previously worked as a security engineer at Apple.
★ Friday, 17 January 2020