A Motherboard investigation has found that law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors.
“It demonstrates that even state and local police do have access to this data in many situations,” Matthew Green, an assistant professor and cryptographer at the Johns Hopkins Information Security Institute, told Motherboard in a Twitter message. “This seems to contradict what the FBI is saying about their inability to access these phones.”
As Forbes has reported Grayshift, the company behind GrayKey, is an American start-up that appears to be run by long-time U.S. intelligence agency contractors and an ex-Apple security engineer named Braden Thomas. It offers a $15,000 iPhone unlock tool named GrayKey, which permits 300 uses. That's for the online mode that requires constant connectivity at the customer end; an offline version costs $30,000 and comes with unlimited uses. GrayKey can purportedly unlock iPhones running iOS 10 and 11, with iOS 9 support in the works.
Thomas previously worked at at the tech giant for six years as a security engineer. At Apple, he focused on drastically increasing the internal fuzzing throughput and coverage, as well as performing proactive security reviews for many high-profile features.