KU Leuven cryptography expert Prof. Bart Preneel says in Nieuwsblad that tools like #GrayKey don’t surprise him; it’s a constant cat‑and‑mouse game between smartphone makers and those trying to break their security.
https://www.nieuwsblad.be/binnenland/overheidsdienst-kan-en-mag-voortaan-je-smartphone-ontgrendelen-hoogst-problematisch/138953487.html (paywall)

ICE, the US immigration enforcement agency, signs a new 3 million dollar contract for phone hacking technology

#HomelandSecurityInvestigations (HSI), the operational arm of US Immigration and Customs Enforcement (ICE), has signed a contract worth 3 million dollars with #MagnetForensics, a company that makes a phone hacking and unlocking device called Graykey.

The contract, which appeared on Tuesday in a federal government procurement database, refers to software licenses for HSI's phone hacking technology "to recover digital evidence, process multiple devices, and generate forensic reports essential to the mission of protecting national security and public safety".

Although the contract does not mention the product's name, it likely refers to #Graykey, a forensic system for unlocking smartphones and extracting data from them, originally developed by Grayshift. Magnet Forensics merged with Grayshift following the acquisition by private equity firm Thoma Bravo in 2023.


techcrunch.com/2025/09/18/ice-…

@informatica


The post by @lorenzofb is on #TechCrunch
RE: infosec.exchange/users/lorenzo…

Update 3: You can find my PostMortem here: https://infosec.exchange/@masek/114721620930871030

Update 2: As far as I can tell, the servers that caused the leak belonged to the DOJ in Montana. We reached them in two ways:

  • Through this post we got in contact with the vendor of the software. With the Serial# (in the extraction reports) they could identify whom to call.
  • A friend had a contact in one of the affected police departments and they reached out to the DOJ.

Thanks to this community I was also able to get a contact within the FBI. Furthermore, some media contacted me and a lot of Mastodon users provided me with additional contacts.

Even though I contacted the AG in Montana and one PD, no one has reached out to me from the DOJ side.

Update 1: Leak is closed. Will write more tomorrow. Thank you to everyone who helped.

Phone forensics

Usually law enforcement is very secretive about them analyzing the phones of suspects.

But a forensic lab in #montana is extremely transparent about it. They put the dump of every phone on a public share. Everyone with Internet access can access those dumps.

While I am usually a proponent of government transparency, this takes it a bit too far even for my taste.

Every phone dump is one directory and some case names can be easily connected to crime & death headline news in the U.S.

So for one case I am pretty sure that I can even say which Sheriff is responsible for that one of the investigations.

I sent that Sheriff an email, I sent him a text message and I even spoke on his voicebox. I even sent him the extraction report from Graykey.

It is really frustrating that I get no response at all. The leak is still open.

The security researcher that found the leak also tried some contacts but had as little success as I do.

I personally believe that this leak even constitutes a federal crime. Some cases have names ending in CSAM. The security researcher stayed away from any of those and I did not access the files on that server at all.

So does anybody know someone within the #fbi that would give a shit about that? I am getting very tired.

#graykey #cellebrite #forensics

Martin Seeger (@[email protected])

## PostMortem: Assumed DOJ Montana Leak of Phone Dumps

### Type of leak

Highly confidential information on a public SMB share without authentication

### Threats from the leak

I see the following threats:

- Integrity and Confidentiality of investigations into serious crimes compromised
- Privacy of U.S. citizens compromised (very likely to contain most intimate data)
- Providing 3rd parties hostile to the U.S. with blackmail material

1/4

Infosec Exchange
An image of a document detailing #graykey functionality with #iPhones operating on #iOS 18.0 and 18.0.1. Image credit: 404 Media, details: https://appleinsider.com/articles/24/11/19/leak-what-law-enforcement-can-unlock-with-the-graykey-iphone-hacking-tool
Rare leak exposes iPhone unlocking capabilities by law enforcement

Leaked documents reveal the secrets behind Graykey, the covert forensic tool used to unlock modern smartphones, exposing its struggles with Apple's latest iOS updates.

AppleInsider
Leaked Documents Show What #Phones Secretive Tech ‘#Graykey’ Can Unlock
The documents provide insight into the cat-and-mouse game between forensics companies and #phone manufacturers #Apple and #Google.
The Graykey, a tool used by #lawenforcement around the world, is only able to retrieve partial data from all modern #iPhones that run #iOS18 or iOS 18.0.1. Graykey’s capabilities against #Android devices are more mixed, likely due to the high level of variance between Android devices.
https://www.404media.co/leaked-documents-show-what-phones-secretive-tech-graykey-can-unlock-2/
Leaked Documents Show What Phones Secretive Tech ‘Graykey’ Can Unlock

The documents provide never-been-seen insight into the current cat-and-mouse game between forensics companies and phone manufacturers Apple and Google.

404 Media
Graykey: Decryption tool can partially unlock iOS 18

In connection with Apple's new reboot protection against unlocking, information has surfaced about what forensics companies can do with current iPhones.

heise online
Leaked documents show that Graykey can partially access iPhone 16 devices, but not if they are running iOS 18 betas 🔓📱. A competitor to Cellebrite, Graykey is aimed at law enforcement 🚔🔍. Important developments in mobile security 🔒 #Graykey #Cellebrite #iPhone16 #iOS18 #Sicurezza

"With iOS 18.0, released to the public on September 16, Graykey has “partial” access to data from the iPhone 12 right up to the latest iPhone 16 series. The same is true for those iPhones running iOS 18.0.1, which was released on October 3, according to the document.

The document does not list what exact types of data are included in a “partial” retrieval and Magnet declined to comment on what data is included in one. In 2018, Forbes reported that a partial extraction can only draw out unencrypted files and some metadata, including file sizes and folder structures.

Still, the new document indicates Graykey is not able to obtain all of the data from modern iPhones."

https://www.404media.co/leaked-documents-show-what-phones-secretive-tech-graykey-can-unlock-2/

#CyberSecurity #Hacking #iPhone #iOS #Graykey #Android #GooglePixel

GrayKey can only recover part of the data from iPhones running iOS 18 http://dlvr.it/TGHhgL #GrayKey #iPhone
GrayKey can only recover part of the data from iPhones running iOS 18

While Cellebrite has been talked about a great deal, it is far from the only company specializing in cracking iPhones. Magnet Forensics is an American company that also makes its living from opening locked iOS and Android devices. Sel...

iGeneration
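Law enforcement forensic tool Graykey has limited access to iOS 18 devices
Graykey, the forensic tool that specializes in helping law enforcement crack iPhones, currently has limited access to iOS 18 and iOS 18.0.1 […]
The post "Law enforcement forensic tool Graykey has limited access to iOS 18 devices" appeared first on 香港 unwire.hk 玩生活.樂科技.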
#資訊保安 #Apple #GrayKey #iOS 18
https://unwire.hk/2024/11/20/ios-18-graykey/tech-secure/?utm_source=rss&utm_medium=rss&utm_campaign=ios-18-graykey
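Law enforcement forensic tool Graykey has limited access to iOS 18 devices

Graykey, the forensic tool that specializes in helping law enforcement crack iPhones, currently has limited ability to access devices running iOS 18 and iOS 18.0.1. According to internal documents obtained by 404 Media, Graykey can only perform a "partial" unlock on most devices, and only iPhone 11 models appear to be fully unlockable.

▲ Graykey can only perform a "partial" unlock on most devices (image source: magnetforensics)

The documents do not clearly state the specific scope of "partial" access, but it is presumed to be limited to unlocking unencrypted files, file size information and folder structures. By comparison, for devices that are more vulnerable to attack, Graykey can crack a 4-digit passcode within minutes, while longer passcodes take hours.

Magnet Forensics, the company behind Graykey, has always kept a low profile about its technology and has never disclosed in detail the tool's actual unlocking capabilities. Apple blocked Graykey's exploit in the iOS 12 update, but Magnet Forensics subsequently restored functionality by finding new vulnerabilities. The documents indicate that if Magnet Forensics can find a security vulnerability in iOS 18 in the future, Graykey may be able to improve its unlocking capabilities again.

For newer versions such as iOS 18.1, the documents provide no detailed information, but the beta versions are listed as "inaccessible". Apple may have further restricted Graykey's functionality.

Source of information and images: MacRumors, magnetforensics, magnetforensics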

香港 unwire.hk 玩生活.樂科技