KU Leuven cryptography expert Prof. Bart Preneel says in Nieuwsblad tools like #GrayKey don’t surprise him, it’s a constant cat‑and‑mouse game between smartphone makers and those trying to break their security.
https://www.nieuwsblad.be/binnenland/overheidsdienst-kan-en-mag-voortaan-je-smartphone-ontgrendelen-hoogst-problematisch/138953487.html (paywall)

ICE, the US immigration enforcement agency, signs a new $3 million contract for phone-hacking technology

#HomelandSecurityInvestigations (HSI), the operational arm of U.S. Immigration and Customs Enforcement (ICE), has signed a contract worth $3 million with #MagnetForensics, a company that makes a phone hacking and unlocking device called Graykey.

The contract, which appeared on Tuesday in a federal government procurement database, refers to software licenses for HSI's phone-hacking technology "to recover digital evidence, process multiple devices, and generate forensic reports essential to the mission of protecting national and public security".

Although the contract does not mention the product's name, it likely refers to #Graykey, a forensic system for unlocking smartphones and extracting data from them, originally developed by Grayshift. Magnet Forensics merged with Grayshift following the acquisition by the private equity firm Thoma Bravo in 2023.


techcrunch.com/2025/09/18/ice-…

@informatica


The post by @lorenzofb is on #TechCrunch
RE: infosec.exchange/users/lorenzo…

Update 3: You can find my PostMortem here: https://infosec.exchange/@masek/114721620930871030

Update 2: As far as I can tell, the servers that caused the leak belonged to the DOJ in Montana. We reached them in two ways:

  • Through this post we got in contact with the vendor of the software. With the Serial# (in the extraction reports) they could identify whom to call.
  • A friend had a contact in one of the affected police departments and they reached out to the DOJ.

Thanks to this community I was also able to get a contact within the FBI. Furthermore some media contacted me and a lot of Mastodon users provided me with additional contacts.

Even though I contacted the AG in Montana and one PD, no one has reached out to me from the DOJ side.

Update 1: Leak is closed. Will write more tomorrow. Thank you to everyone who helped.

Phone forensics

Usually law enforcement is very secretive about them analyzing the phones of suspects.

But a forensic lab in #montana is extremely transparent about it. They put the dump of every phone on a public share. Everyone with Internet access can access those dumps.

While I am usually a proponent of government transparency, this takes it a bit too far even for my taste.

Every phone dump is one directory and some case names can be easily connected to crime & death headline news in the U.S.

So for one case I am pretty sure, that I can even say which Sheriff is responsible for that one of the investigations.

I sent that Sheriff an email, I sent him a text message and I even spoke on his voicebox. I even sent him the extraction report from Graykey.

It is really frustrating that I get no response at all. The leak is still open.

The security researcher that found the leak also tried some contacts but had as little success as I do.

I personally believe that this leak even constitutes a federal crime. Some cases have names ending on CSAM. The security researcher stayed away from any of those and I did not access the files on that server at all.

So does anybody know someone within the #fbi that would give a shit about that? I am getting very tired.

#graykey #cellebrite #forensics

Martin Seeger (@[email protected])

## PostMortem: Assumed DOJ Montana Leak of Phone Dumps

### Type of leak

Highly confidential information on a public SMB share without authentication

### Threats from the leak

I see the following threats:

- Integrity and Confidentiality of investigations into serious crimes compromised
- Privacy of U.S. citizens compromised (very likely to contain most intimate data)
- Providing 3rd parties hostile to the U.S. with blackmail material

1/4

Infosec Exchange
An image of a document detailing #graykey functionality with #iPhones operating on #iOS 18.0 and 18.0.1. Image credit: 404 Media, details: https://appleinsider.com/articles/24/11/19/leak-what-law-enforcement-can-unlock-with-the-graykey-iphone-hacking-tool
Rare leak exposes iPhone unlocking capabilities by law enforcement

Leaked documents reveal the secrets behind Graykey, the covert forensic tool used to unlock modern smartphones, exposing its struggles with Apple's latest iOS updates.

AppleInsider
Leaked Documents Show What #Phones Secretive Tech ‘#Graykey’ Can Unlock
The documents provide insight into cat-and-mouse game between forensics companies and #phone manufacturers #Apple and #Google.
The Graykey, a tool used by #lawenforcement around world, is only able to retrieve partial data from all modern #iPhones that run #iOS18 or iOS 18.0.1. Graykey’s capabilities against #Android devices are more mixed, likely due to high level of variance between Android devices
https://www.404media.co/leaked-documents-show-what-phones-secretive-tech-graykey-can-unlock-2/
Leaked Documents Show What Phones Secretive Tech ‘Graykey’ Can Unlock

The documents provide never-been-seen insight into the current cat-and-mouse game between forensics companies and phone manufacturers Apple and Google.

404 Media
Graykey: Decryption tool can partially unlock iOS 18

In connection with Apple's new reboot protection against unlocking, information has surfaced about what forensics companies can do with current iPhones.

heise online
Leaked documents show that Graykey can partially access the iPhone 16, but not if they are running the iOS 18 betas 🔓📱. A competitor of Cellebrite, Graykey is intended for law enforcement 🚔🔍. Important developments in mobile security 🔒 #Graykey #Cellebrite #iPhone16 #iOS18 #Sicurezza

@josephcox where can I get this file?

#Graykey #Leak

"With iOS 18.0, released to the public on September 16, Graykey has “partial” access to data from the iPhone 12 right up to the latest iPhone 16 series. The same is true for those iPhones running iOS 18.0.1, which was released on October 3, according to the document.

The document does not list what exact types of data are included in a “partial” retrieval and Magnet declined to comment on what data is included in one. In 2018, Forbes reported that a partial extraction can only draw out unencrypted files and some metadata, including file sizes and folder structures.

Still, the new document indicates Graykey is not able to obtain all of the data from modern iPhones."

https://www.404media.co/leaked-documents-show-what-phones-secretive-tech-graykey-can-unlock-2/

#CyberSecurity #Hacking #iPhone #iOS #Graykey #Android #GooglePixel

GrayKey can only recover part of the data from iPhones running iOS 18 http://dlvr.it/TGHhgL #GrayKey #iPhone
GrayKey can only recover part of the data from iPhones running iOS 18

While Cellebrite has gotten a lot of attention, it is far from the only company specializing in cracking iPhones. Magnet Forensics is an American company that also makes its living from opening locked iOS and Android devices. Sel...

iGeneration