The FBI Used a GrayKey to Obtain Data From a Locked iPhone 11 Pro Max

Thomas Brewster, reporting for Forbes:

Last year, FBI investigators in Ohio used a hacking device called a GrayKey to draw data from the latest Apple model, the iPhone 11 Pro Max. The phone belonged to Baris Ali Koch, who was accused of helping his convicted brother flee the country by providing him with his own ID documents and lying to the police. He has now entered a plea agreement and is awaiting sentencing.

Forbes confirmed with Koch’s lawyer, Ameer Mabjish, that the device was locked. Mabjish also said he was unaware of any way the investigators could’ve acquired the passcode; Koch had not given it to them nor did they force the defendant to use his face to unlock the phone via Face ID, as far as the lawyer was aware. The search warrant document obtained by Forbes, dated October 16, 2019, also showed the phone in a locked state, giving the strongest indication yet that the FBI has access to a device that can acquire data from the latest iPhone.

Nothing is confirmed by anyone involved — the FBI, Apple, or Grayshift (the company that makes the GrayKey) — but this sure sounds like the FBI accessed data on an iPhone 11 Pro Max using a GrayKey. Two things if this is true. First, this really puts the lie to the FBI’s claim of needing Apple’s help accessing the Pensacola shooter’s iPhones (which were older models, and thus presumably easier to crack). Second, this is the first suggestion I’ve seen that GrayKey can unlock, or somehow otherwise access the data of, Apple’s latest generation of iPhones.

More on how GrayKey works — or at least used to work — from an April 2018 link. At one point later in 2018, it was believed that bug fixes in iOS 12 stopped GrayKey from working. It’s a canonical cat-and-mouse game. Also worth noting: Grayshift co-founder Braden Thomas previously worked as a security engineer at Apple.

Friday, 17 January 2020