Cops Are Hacking iPhones With Secretive $15,000 GrayKey

Greetings everyone,

This Is somewhat old(er) news, but nonetheless, certainly worthy of contributing. Some say It's speculation, but apparently the NYPD can unlock the latest IPhone using the Grayshift GrayKey, which performs a similar function to that of a lock pick, but In digital form.

As a side note but on the topic of cell phone security, allow me to briefly comment on (biometric) fingerprint authentication and the reasons you should not have It enabled. Because fingerprint scanners are so small, they only take "partial prints", hence full human fingerprints are next to Impossible to match. As such, the device will store around (example) 10 fingerprint Images- just to make It easier to find a match. A finger swipe only has to match "one partial stored Image", thus a mismatch can happen with anyone's print.
Furthermore, law enforcement agencies can obtain a warrant and force the user to unlock the phone. They can't force you to remember the numeric code, can they?

Back to the topic at hand.

With its promise to unlock the latest Apple iPhone models, the Grayshift GrayKey has been increasingly popular across local and federal police forces. From the FBI and the Coast Guard to the IRS, U.S. government divisions have become big fans of the hacking box, which hooks up to iPhones via the Lightning port before attempting to find device passcodes.

But, until now, there was no solid evidence GrayShift’s digital lockpick worked as advertised. No case had been documented where the GrayKey had cracked open an actual iPhone. But this week Forbes obtained a successful application for a court order (published below) to allow the Special Narcotics Prosecutor for New York to use GrayKey to unlock a pair of iPhones belonging to a suspect accused of selling crack to an undercover officer.

According to the court filing, a forensics expert at the Special Narcotics Prosecutor believed GrayKey would allow him to obtain the iPhones’ passcode and “perform a full data extraction on the devices’ hard drive, SIM card and its applications.” The order was granted by an unnamed New York judge.

[To see links please register here]

Another great reason to not use those fingerprint scanners. I never trusted them from the beginning.

(07-07-2018, 07:56 AM)Percent Wrote:

[To see links please register here]

Another great reason to not use those fingerprint scanners. I never trusted them from the beginning.

It's a pleasure to read you're In agreement.

I can list so many vulnerabilities and methodologies used to circumvent fingerprint scanners, but It's beyond the scope of this post. On-topic, I'm keeping a close eye for further developments pertaining to this article and shall contribute If and when they're at my disposal.

This shouldn't be allowed. For me, I could just work as a cop and get access to that and fuck everyone over. Any tool like that should only be given to the agency and, law enforcement(Feds)

(07-07-2018, 08:46 AM)Mimiakira Wrote:

[To see links please register here]

This shouldn't be allowed.

It's treated on a case-by-case basis.

If they (NYPD) have probable cause that justifies their Investigation, they're well within their rights to access a given device.

Thanks for the informative writing

Although I very much like the fingerprint authentication on my phone, I guess I'll have to leave it for good.

(07-10-2018, 06:53 PM)GosuSang Wrote:

[To see links please register here]

Thanks for the informative writing

Although I very much like the fingerprint authentication on my phone, I guess I'll have to leave it for good.

Don't get me wrong, biometric authentication (fingerprint In this case) Is secure there's no question about It. However, those who question assumptions, work around the obvious and exhaust all avenues with their attempt to circumvent It's security, will get In.

In my Initial post above, I've only covered the basics of It's Insecurities. For example stating the obvious that a lot of users overlook, given some devices prompt for a numeric password after ex-amount of Invalid (fingerprint) authentication attempts, you're not trying to bypass the forefront- being fingerprint authentication. It's more so a deliberate act of Invalid finger swipes to trigger the numeric password login and compromise that. Ultimately, using this simplistic method, fingerprint authentication Isn't part of the equation, hence useless.

Old school moron here, but some scotch tape and a coffee mug, or some other object, may be able to get you a finger print. hell if that laptop or phone itself wouldnt have the owners finger print on it some where? lol seems kinda like the stupidest idea if you ask me. Seriously. how is the owner of ANY device with a finger reader not going to have his or her own prints on it?

but anyway back to the real issue imo is how the establishment uses all this tech people create, which violate your own constitutional laws which protect you and everyone around. At least to some degree. I mean if you really hacked Mrs Johnson up and are dealing meth our of her shed, and using her phone to make the deals, the police gonna know and they gonna find probable cause. but what about someone who isnt actually committing a crime? other grey areas? misused or right out abuse, say a cop got a grudge on someone from something they said online. Anyway abuse is abuse,

I dont use the shit... thats how I am free to some little degree, from all that risk. I dont own a phone, I dont use a phone. I hardly use a computer now. its not cause I did something wrong, or cause im hiding. Im not. I know i have no warrants. I am not a criminal. I have got myself in minor trouble over the course of my life but that happens to all of us. I assume at least. more or less... no one is perfect. but um.. its getting out of hand imo. same with politics, so i dont watch the tv. in fact i dont own a tv. well i do its on the porch getting wet. i sit on it sometimes when i smoke a scoobie doobie outside. :smile:

Im not feeling like the other edge, of that double edge sword of technology and how we choose to use it, is worth the benefits. I dont have anyone to talk to anymore but what about everyone else. you all stuck with having to have one. guy from the va comes over to make sure im alive once a month and he asks how my job search is coming and Im like dude who the fuck said i even wanted a job. I mean step back for a sec and its like why do we have all this shit... consider all the problems and issues, abuses? is it even worth it? for what? pay to feed yourself? shit man...

idk what fucking american dream hundreds of millions of people are shouting and voting and horraying for but i dont see it... lol

(07-17-2018, 04:36 AM)singlehandlogic Wrote:

[To see links please register here]

Old school moron here, but some scotch tape and a coffee mug, or some other object, may be able to get you a finger print.

This does work, but It's not always the case.

Some manufacturers use "anti-spoofing" fingerprint techniques, such as looking for perspiration. This helps Identify a real finger and not your above-mentioned entities. Having said that, most don't use anti-spoofing, hence you can unlock a phone as follows.

* Fingerprint on masking tape.
* Fingerprint on silicon gel (mould).
* Photocopy of a fingerprint.
* Finger of a "corpse".

All these have been tried, tested and succeeded. Remember, It's matching a "partial" stored Image, not the full finger fingerprint.

(07-17-2018, 05:13 AM)mothered Wrote:

[To see links please register here]

(07-17-2018, 04:36 AM)singlehandlogic Wrote:

[To see links please register here]

Old school moron here, but some scotch tape and a coffee mug, or some other object, may be able to get you a finger print.

This does work, but It's not always the case.

Some manufacturers use "anti-spoofing" fingerprint techniques, such as looking for perspiration. This helps Identify a real finger and not your above-mentioned entities. Having said that, most don't use anti-spoofing, hence you can unlock a phone as follows.

* Fingerprint on masking tape.
* Fingerprint on silicon gel (mould).
* Photocopy of a fingerprint.
* Finger of a "corpse".

All these have been tried, tested and succeeded. Remember, It's matching a "partial" stored Image, not the full finger fingerprint.

Would love to try the masking tape method.