'There's Possibility That GrayKey Ends Up in Wrong Hands' - Security Researcher

The US police have been increasingly purchasing a tool that can unblock iPhones. According to a Motherboard investigation, regional police forces have bought or are planning to buy the device dubbed GrayKey. The Secret Service is also looking to purchase at least half a dozen GrayKey boxes for unlocking iPhones.
Sputnik

Sputnik: Why have law enforcement and other agencies taken such interest in the technology? What is your take on the FBI's particular push for access to encrypted devices?

Thomas Reed: Obviously law enforcement is always seeking ways to get more information that they can use for solving crimes and with the increasing encryption of personal electronics, especially iPhones that's becoming increasingly difficult for them.

The big problem that they're facing is that there really haven't been any really good ways of decrypting that information. Until GrayKey came along, one of the only options that law enforcement had was to contact the company called Cellebrite, which is an Israeli company that offers iPhone unlocking services, those services, however, are done off-site at Cellebrite facilities.

READ MORE: Beware the Russians: British Boogeyman Recipe to Making Strong Points

So law enforcement has to send or otherwise deliver devices to them, and they cost per device, so I've seen estimates that Cellebrite services cost about $5,000 per device. If you've got, say a thousand iPhones that are waiting in a backlog that you need information from and can't get it, that can cost $5 million just to unlock those thousand devices. If you were to buy a $15,000 GrayKey then you could unlock all those devices all at once with no additional charge, so this is a huge benefit for law enforcement.

Sputnik: What about the legal aspect of this procedure? Should we choose security over privacy? Where should be the borderline between access to evidence against criminals and data breach?

Thomas Reed: That's the big question, obviously, everybody wants law enforcement to be able to do their jobs and keep people safe, but at the same time this kind of technology is not something that is necessarily limited to law enforcement. For example, with the GrayKey, obviously, they are using some kind of a vulnerability in iOS to be able to crack these iPhones, and the mere fact that vulnerability exists and that they're not telling Apple about it and getting it fixed is a serious problem, because it means that other people may also know about this vulnerability and may be using it for illicit purposes. There's also always the possibility that GrayKey devices could end up in the wrong hands and end up getting abused for malicious purposes.

READ MORE: Facebook: 'If a Service is Free, You are the Product' — Hacker

Sputnik: When you say the wrong hands, is it attackers, is it terrorists?

Thomas Reed: It could be literally anybody, it could even be potentially rogue law enforcement, obviously, I don't want to say that we can't trust law enforcement. I think that the majority of law enforcement officers are trustworthy. They're trying to do a good thing, but not everybody in law enforcement is there for the right reason, but the primary concern in my mind is what happens if a criminal or a terrorist or an oppressive government, for example, gets hold of this technology if they were able to reverse engineer it, or if they were able to use the device itself for their own purposes, that would be a serious threat to the safety and security of iPhone owners.

Sputnik: So, Mr. Reed how soon will we learn that the National Security Agency is again snooping on everyone?

Thomas Reed: With this GrayKey that does make it a little bit more possible, although, the one benefit at least is that they would have to have physical access to the phone, so this wouldn't give anyone, even the NSA, the ability to get into your phone remotely.

The views of the speaker do not necessarily reflect those of Sputnik.

Discuss