The U.S. government just purchased a new weapon against iPhone encryption.
A section of the State Department reportedly paid $15,000 for a small black box that’s designed to break into an Apple iPhone in a matter of hours. Procurement documents obtained by Motherboard show the agency purchased a GrayKey iPhone-cracking tool from Greyshift on March 6. It reportedly works on devices running iOS 11, including the newest iPhone X and iPhone 8.
There are two versions of the product: a four-by-four inch box with unlimited use that costs $30,000 and an internet-connected version that permits 300 uses for $15,000. The State Department appears to have chosen the cheaper option. Greyshift says the time it takes for its device to unlock a phone is typically between a few hours to a few days depending on how strong its passcode is.
The security company can break into an iPhone by connecting it to one of two lightning cables sticking out of the side. After two minutes, the devices are injected with software and can be removed from the port. Details on how it all works are scarce, but the phone will supposedly pull up a black screen with the correct passcode and duration to unlock, MalwareBytes reports.
It’s not clear what vulnerability the device exploits, and whether Apple is aware of it. It’s possible the devices could become obsolete in a matter of days if the problem is patched.
Motherboard found the purchase receipt in the U.S. Government’s public procurement data system listed under “computer and computer peripheral equipment.” The publication verified the device belonged to Greyshift by comparing the phone number of the vendor to another GrayKey purchase made earlier this month by the Indiana State Police. GreyShift is a relatively unknown American startup that appears to be led by former U.S. intelligence contractors and an ex-Apple security engineer.
With its latest purchase, the State Department reignites a feud against Apple that began after the San Bernardino, California shooting in 2015, when the FBI urged Apple to unlock the gunman’s iPhone 5c. Apple denied multiple requests to circumvent its encryption and was eventually taken to court. The FBI dropped its demands after a third-party sold it a tool that could access the phone, ending a high-profile debate on whether companies should grant the government special permission to encrypted devices.
The debate has surfaced numerous times in the past years, but Apple has remained firm in its stance, claiming a backdoor would compromise its devices and result in customer backlash. We recently learned law enforcement has been using the fingerprint of dead criminals to unlock Touch ID-enabled devices.
A New York Times report on Saturday says law enforcement officials are renewing their campaign to force Apple into unlocking devices as part of criminal investigations.