Cryptography The Feds' Favorite iPhone Hackers Plan To Crack Android

Published on June 12th, 2019 📆 | 3545 Views ⚑

0

The Feds’ Favorite iPhone Hackers Plan To Crack Android

New Apple Store Opens At The Champs Elysee In Paris

Apple iPhones can be raided for data by U.S. law enforcement thanks to Grayshift's GrayKey, even if the company can't decipher the device's passcode. The Atlanta company may soon be turning its attention to Android, according to a leaked recording.

Getty Images

The U.S. government’s go-to hackers-for-hire to break into locked Apple iPhones, Grayshift, is planning to help crack another difficult nut: Google’s Android operating system.

The plans to pivot to Google’s operating system were revealed in a talk from Grayshift CEO David Miles. Speaking at a law enforcement and forensics event in Myrtle Beach, South Carolina, earlier this month, Miles said that whilst Apple’s iOS and iPhone remained the primary focus, Grayshift will soon be looking across other devices.

”The most logical next step would be some of the more modern Android devices, from Samsung and Google,” he said. “We are only focused on iOS today, but we will expand.” It’s the first time Grayshift has revealed plans to move on to Android.

Grayshift were first revealed by Forbes last year, when the company claimed it could crack the passcode of all modern iOS devices with its GrayKey hacking tool. Since then GrayShift has picked up contracts with major government bodies, from the Immigration Customs  and Enforcement (ICE) agency to the FBI.

The Atlanta-based start-up also found itself in a cat and mouse game with Apple, which continually updated its hardware and software to thwart GrayKey’s exploits. That same game will soon be played with Google, it appears.

Miles’ comments come after Forbes heard from sources in the forensics community that in some ways Android had become just as hard to break into as iPhone. Grayshift may face a tough challenge overcoming Google's security measures and a fractured ecosystem of different versions of Android running across a sea of phone models produced by different manufacturers.

GrayShift doesn’t need your passcode

In other revealing comments from the recording, Miles’ revealed some of the lesser-known capabilities of the GrayKey device. The most significant was GrayKey’s ability to access a significant amount of data on the iPhone without needing a passcode. Even if in a locked state, as long as an iPhone has been unlocked once and not turned off, it’s possible to get “almost everything” within, Miles said during his talk. He called this technique After First Unlock (AFU) extraction.

He admitted that there are still some encrypted parts of the phone that won’t be accessible, including the iPhone’s email database, frequent location information and health data. A passcode is required to access those. Miles didn't disclose if encrypted messaging apps like WhatsApp or Signal were accessible but GrayShift could tap text messages, images and even the Keychain, where iPhones store passwords for apps and other sites. And the hack works on all iPhones, up to the latest models.

GrayShift may have bypassed many of Apple's security measures but security upgrades in the most recent iPhone XR, XS and XS Max models have blocked the firm's "brute force" attempts to guess passcodes for now, according to Miles. Brute force attacks are simple: have a computer guess at what the passcode could be at speed until it gets the right answer. Apple has previously tried to prevent these from working by adding increasing time delays when passcode attempts were made beyond 10 guesses.

Miles said that Apple had updated security on its chips so that the old methods for bypassing those restrictions on those brute force attacks couldn’t be ported across to the new iPhones. But he claimed the tools to allow passcode retrieval on the latest Apple phones should be available to its customers soon.

But even when brute forcing is available, a strong alphanumeric passcode consisting of mixed characters, numbers and punctuation can make guessing passwords a long process. Miles said that some customers had left the brute forcing attacks continue running for over a year on an iPhone. That’s why Miles urged police to ensure any iPhone they seize doesn’t switch off and hope it’s been unlocked recently by the suspect so the AFU hack can work and draw out a significant amount of useful evidence.

GrayShift has a high profile within the security industry for its phone cracking tools but has avoided public attention, declining to talk to any press since its founding in early 2016. Miles and GrayShift didn't respond to emails requesting comment for this story

Apple also hadn’t responded to requests for comment.

">

The U.S. government’s go-to hackers-for-hire to break into locked Apple iPhones, Grayshift, is planning to help crack another difficult nut: Google’s Android operating system.

The plans to pivot to Google’s operating system were revealed in a talk from Grayshift CEO David Miles. Speaking at a law enforcement and forensics event in Myrtle Beach, South Carolina, earlier this month, Miles said that whilst Apple’s iOS and iPhone remained the primary focus, Grayshift will soon be looking across other devices.

”The most logical next step would be some of the more modern Android devices, from Samsung and Google,” he said. “We are only focused on iOS today, but we will expand.” It’s the first time Grayshift has revealed plans to move on to Android.

Grayshift were first revealed by Forbes last year, when the company claimed it could crack the passcode of all modern iOS devices with its GrayKey hacking tool. Since then GrayShift has picked up contracts with major government bodies, from the Immigration Customs  and Enforcement (ICE) agency to the FBI.

The Atlanta-based start-up also found itself in a cat and mouse game with Apple, which continually updated its hardware and software to thwart GrayKey’s exploits. That same game will soon be played with Google, it appears.

Miles’ comments come after Forbes heard from sources in the forensics community that in some ways Android had become just as hard to break into as iPhone. Grayshift may face a tough challenge overcoming Google's security measures and a fractured ecosystem of different versions of Android running across a sea of phone models produced by different manufacturers.

GrayShift doesn’t need your passcode

In other revealing comments from the recording, Miles’ revealed some of the lesser-known capabilities of the GrayKey device. The most significant was GrayKey’s ability to access a significant amount of data on the iPhone without needing a passcode. Even if in a locked state, as long as an iPhone has been unlocked once and not turned off, it’s possible to get “almost everything” within, Miles said during his talk. He called this technique After First Unlock (AFU) extraction.

He admitted that there are still some encrypted parts of the phone that won’t be accessible, including the iPhone’s email database, frequent location information and health data. A passcode is required to access those. Miles didn't disclose if encrypted messaging apps like WhatsApp or Signal were accessible but GrayShift could tap text messages, images and even the Keychain, where iPhones store passwords for apps and other sites. And the hack works on all iPhones, up to the latest models.

GrayShift may have bypassed many of Apple's security measures but security upgrades in the most recent iPhone XR, XS and XS Max models have blocked the firm's "brute force" attempts to guess passcodes for now, according to Miles. Brute force attacks are simple: have a computer guess at what the passcode could be at speed until it gets the right answer. Apple has previously tried to prevent these from working by adding increasing time delays when passcode attempts were made beyond 10 guesses.

Miles said that Apple had updated security on its chips so that the old methods for bypassing those restrictions on those brute force attacks couldn’t be ported across to the new iPhones. But he claimed the tools to allow passcode retrieval on the latest Apple phones should be available to its customers soon.

But even when brute forcing is available, a strong alphanumeric passcode consisting of mixed characters, numbers and punctuation can make guessing passwords a long process. Miles said that some customers had left the brute forcing attacks continue running for over a year on an iPhone. That’s why Miles urged police to ensure any iPhone they seize doesn’t switch off and hope it’s been unlocked recently by the suspect so the AFU hack can work and draw out a significant amount of useful evidence.

GrayShift has a high profile within the security industry for its phone cracking tools but has avoided public attention, declining to talk to any press since its founding in early 2016. Miles and GrayShift didn't respond to emails requesting comment for this story

Apple also hadn’t responded to requests for comment.

Source link

Free Download WordPress Themes
Download Nulled WordPress Themes
Download Nulled WordPress Themes
Free Download WordPress Themes
free online course

Tagged with:



Leave a Reply ✍


loading...