Search the Community
Showing results for tags 'grayshift'.
Found 2 results
ADN posted a topic in Security & Privacy NewsIn November 2016, around seven hours after Abdul Razak Ali Artan had mowed down a group of people in his car, gone on a stabbing spree with a butcher's knife and been shot dead by a police officer on the grounds of Ohio State University, an FBI agent applied the bloodied body's index finger to the iPhone found on the deceased. The cops hoped it would help them access the Apple device to learn more about the assailant's motives and Artan himself. This is according to FBI forensics specialist Bob Moledor, who detailed for Forbes the first known case of police using a deceased person's fingerprints in an attempt to get past the protections of Apple's Touch ID technology. Unfortunately for the FBI, Artan's lifeless fingerprint didn't unlock the device (an iPhone 5 model, though Moledor couldn't recall which. Touch ID was introduced in the iPhone 5S). In the hours between his death and the attempt to unlock, when the feds had to go through legal processes regarding access to the smartphone, the iPhone had gone to sleep and when reopened required a passcode, Moledor said. He sent the device to a forensics lab which managed to retrieve information from the iPhone, the FBI phone expert and a Columbus officer who worked the case confirmed. That data helped the authorities determine that Artan's failed attempt to murder innocents may have been a result of ISIS-inspired radicalization. Where Moledor's attempt failed, others have succeeded. Separate sources close to local and federal police investigations in New York and Ohio, who asked to remain anonymous as they weren't authorized to speak on record, said it was now relatively common for fingerprints of the deceased to be depressed on the scanner of Apple iPhones, devices which have been wrapped up in increasingly powerful encryption over recent years. For instance, the technique has been used in overdose cases, said one source. In such instances, the victim's phone could contain information leading directly to the dealer. No privacy for the dead And it's entirely legal for police to use the technique, even if there might be some ethical quandaries to consider. Marina Medvin, owner of Medvin Law, said that once a person is deceased, they no longer have a privacy interest in their dead body. That means they no longer have standing in court to assert privacy rights. Relatives or other interested parties have little chance of stopping cops using fingerprints or other body parts to access smartphones too. "Once you share information with someone, you lose control over how that information is protected and used. You cannot assert your privacy rights when your friend's phone is searched and the police see the messages that you sent to your friend. Same goes for sharing information with the deceased - after you released information to the deceased, you have lost control of privacy," Medvin added. Police know it too. "We do not need a search warrant to get into a victim's phone, unless it's shared owned," said Ohio police homicide detective Robert Cutshall, who worked on the Artan case. In previous cases detailed by Forbes police have required warrants to use the fingerprints of the living on their iPhones. But there are some anxieties around the ability of the police to turn up at a crime scene and immediately start accessing deceased individuals' cellphones without any need for permission. Greg Nojeim, senior counsel and director of the Freedom, Security and Technology Project at the Center for Democracy & Technology, said it's possible in many cases there would be a valid concern about law enforcement using fingerprints on smartphones without any probable cause. "That's why the idea of requiring a warrant isn't out of bounds," Nojeim added. Alongside the lack of legal restrictions, the fingerprint method's much cheaper than having to pay a contractor like Cellebrite or U.S. startup GrayShift (whose iPhone hacking tech was revealed by Forbes earlier this month) to unlock a phone. Whilst Cellebrite is believed to charge between $1,500 and $3,000 for each iPhone, GrayShift's GrayKey hacking box costs up to $30,000 for unlimited unlock attempts. Once the phone's opened, the cops will keep it in that state and send the device to forensics experts. They'll then use tools like Cellebrite's UFED tech to draw all the information out for investigators to explore. More often than not, police will already have those forensics services on hand. Face ID hacks Police are now looking at how they might use Apple's Face ID facial recognition technology, introduced on the iPhone X. And it could provide an easier path into iPhones than Touch ID. Marc Rogers, researcher and head of information security at Cloudflare, told Forbes he'd been poking at Face ID in recent months and had discovered it didn't appear to require the visage of a living person to work. Whilst Face ID is supposed to use your attention in combination with natural eye movement, so fake or non-moving eyes can't unlock devices, Rogers found that the tech can be fooled simply using photos of open eyes. That was something also verified by Vietnamese researchers when they claimed to have bypassed Face ID with specially-created masks in November 2017, said Rogers. Secondly, Rogers discovered this was possible from many angles and the phone only seemed to need to see one open eye to unlock. "In that sense it's easier to unlock than Touch ID - all you need to do is show your target his or her phone and the moment they glance it unlocks," he added. Apple declined to comment for this article. Obviously, for the average user who's in control of their phone, there isn't much to worry about here. And there's no evidence police have opened victims' iPhones via Face ID. So far. "I don't know that's been used yet," said Moledor. "It's probably going to be same as using the fingerprint. As long as the subject is recognisable, it should work." Don't be surprised if cops do start holding iPhone X devices up to the faces of the dead in the near future then, if it hasn't happened already. As Cutshall said: "I've not be told there's a legal issue to use people's fingerprints or facial recognition to get into a phone... [if it's part of a legal process] that'd be something we would do." Forbes.com
ADN posted a topic in Security & Privacy NewsGrayshift is a cyber security firm that creates advanced technological solutions for local, state, and federal governments. This firm has created a solution which allows for a government body to plug in any iPhone and it will unlock the phone. The part of this technology that makes it very appealing for governments is the price model. Grayshift has created two different pricing models for agencies. One way is to buy the tool at full price for an unlimited amount of unlocks which would set an agency back $30,000. The other more economical solution for agencies is the same tool connected to the internet with a limitation of 300 devices costs $15,000 which comes down to $50 per device. According to the US government's public federal procurement data system, the State Department had a purchase order from Grayshift for a little over $15,000 indicating that they purchased the online 300 device unlocking tool. The listing is vague with the category listed as "computer and computer peripheral equipment". Motherboard has confirmed that the Grayshift in the State Department listing is the same as the one from the Indiana State Police purchase order of a GrayKey. You can see a screenshot of the State Department's purchase order below. Grayshift does not have much competition in this space either as the only other known company to do something similar is Cellebrite who's pricing is much higher with the tool costing $200,000 or $5,000 per device. This is a significantly higher price than the one that is offered by Grayshift making it the preferred firm of agency's purely based on price. Modmy.com