A second person, responding to the first email, said that Grayshift addressed USB Restricted Mode in a webinar several weeks ago.Apple’s new feature is still alarming law enforcement, though.“Of course they are concerned,” one source with access to restricted forums used by law enforcement told Motherboard. Motherboard granted several sources in this story anonymity to talk about sensitive industry developments.
“Grayshift has gone to great lengths to future proof their technology”
Motherboard found Grayshift has relationships with federal, state, and local law enforcement agencies, including the FBI, DEA, and Secret Service. New emails show the New York State Police is in contact with Grayshift.The GrayKey itself is a small box that has lighting cables for connecting two iPhones at once. Although technical details on how exactly GrayKey breaks into phones are generally unavailable, the device, expectedly, uses techniques to churn through different passcode combinations—or brute forcing in hacker lingo—according to demonstration slides seen by Motherboard.According to company slides, the device has two strategies to access data on the phone: “Before First Unlock” or BFU, and “After First Unlock” or AFU. BFU is a “slow brute force,” meaning it takes 10 minutes per try. This gives access to “limited data.” That’s likely because the BFU strategy happens when the phone was off when seized. If that’s the case, when turned on, the iPhone has most of its data, including contacts, messages and other personal data still encrypted.
Got a tip? You can contact Joseph Cox securely on Signal on +44 20 8133 5190, and Lorenzo Franceschi-Bicchierai on Signal on +1 917 257 1382. Details on our SecureDrop, a system to anonymously submit documents or information, can be found here.