iPhone Unlocking Tech GrayKey Went Up in Price Because Hacking iPhones Got Harder

Last year, iOS forensics firm Grayshift increased the price of one of its iPhone unlocking products because breaking into iPhones became harder, according to emails obtained by Motherboard.

The news shows that although federal agencies and local police around the country have purchased the company's GrayKey device to break into locked and encrypted iPhones, that sort of access is not necessarily constant. The emails also highlight the cat and mouse game between forensic companies trying to discover vulnerabilities to unlock iPhones and Apple trying to make it harder for hackers of any stripe to break into its products.

"On Wednesday I was asked by my Lieutenant to complete some paperwork for final approval process for purchasing a GrayKey," a detective from the Computer Forensics Unit at the Bakersfield Police Department wrote in an email to a Grayshift account manager in February 2019. "I also just heard that the cost of GrayKey is going to or has already increased," he added. Motherboard obtained the emails through a public records act request to the police department.

The Grayshift employee replied confirming the company increased the price in 2019, and said it was because "Forensic Access to iOS continues to increase in difficulty and complexity, and we are making large investment in R&D to bring you the level of support you have come to expect."

The Grayshift employee added in a further email that the price of a year long subscription to the online version of GrayKey increased to $18,000 a year. Grayshift offers two versions of its GrayKey: an offline, unlimited use model which was $30,000 at launch, and the online version which requires internet connectivity and permits 300 uses.

"After year one, your Graykey renewal will be $18k per year," the Grayshift employee wrote to the detective. In another email, he writes that the police department will get "the latest Graykey RevC," a particular model of GrayKey for which the name has not been previously reported. In an earlier email, the detective asked if "our GrayKey will be a new model with the USB ports?"

In an email the following year, the detective suggested that his police department will renew the GrayKey license for the $18,000 fee.

A recap of a city council meeting from Chandler City, Arizona, shows the city approved the same amount to buy "Graykey Device software annual licensing for the Police Department."

The cost and availability of tools or services to unlock iPhones has fluctuated widely in the past several years after Apple enabled device encryption when a user setup a passcode with iOS 8 in 2014. In 2016 the FBI paid over a million dollars to unlock the iPhone 5C running iOS 9 belonging to one of the San Bernardino terrorists. Forensic firm Cellebrite offered a service where customers could send their devices to the company to be unlocked, and then in June 2019 released an updated version of its hardware product, called the UFED, that clients could use themselves to unlock iPhones.

Last week Motherboard published the most comprehensive, public analysis of iPhone unlocking warrants to date. As part of that investigation, Motherboard collected documents related to over 500 cases and released a database of the findings. The analysis showed that the capability to unlock iPhones is a fluid issue, with some law enforcement officials being able to access devices and others not.

Apple has made continuous improvements to the security of its iPhones, and particularly around thwarting those who have physical access to the device. Its Secure Enclave, essentially another computer running inside the iPhone with its own operating system, is designed to keep cryptographic material more secure and mitigate against brute force attempts. And in 2018, Apple first introduced USB Restricted Mode, which could have meant law enforcement would need to unlock a device within a week of them last being unlocked. Grayshift warned customers about the upcoming changes at the time, but clients were confident Grayshift had found a workaround, according to other emails previously obtained by Motherboard.

"I think it's going to get harder and harder to find these kinds of unlocking flaws, because Apple does control the entire stack," Alex Stamos, director of the Stanford Internet Observatory and former Facebook chief security officer, previously told Motherboard. "I think a couple more hardware revisions of understanding the ways that these unlocks are happening and [Apple is] going to make it extremely difficult. Which then will bring this debate back," Stamos added, referring to the debate over the Department of Justice's attempts to compel Apple to create a backdoor in its devices to allow more reliable access to phones' contents.

Neither Grayshift or Apple responded to a request for comment.

"Congrats and have fun with the Graykey," the accounts manager added in their emails with the detective.

Subscribe to our cybersecurity podcast, CYBER.