For police to access private Signal messages from an iPhone, there are some other caveats besides a device needing to be in AFU mode. The iPhone in question appears to be either an iPhone 11 (whether Pro or Max) or a second generation iPhone SE. It’s unclear if the police can access private data on an iPhone 12. It’s also not clear what software version was on the device. Newer iOS models may have better security. Apple declined to comment, but pointed Forbes to its response to previous research regarding searches of iPhones in AFU mode, in which it noted they required physical access and were costly to do. A Signal spokesperson said: “If someone is in physical possession of a device and can exploit an unpatched Apple or Google operating system vulnerability in order to partially or fully bypass the lock screen on Android or iOS, they can then interact with the device as though they are its owner.
“Keeping devices up-to-date and choosing a strong lock screen passcode can help protect information if a device is lost or stolen.”
Counsel for the defendant in the New York case didn’t respond to messages. The Justice Department said it couldn’t comment.
GrayKey vs. Cellebrite
Forensic exploitation of devices affects any encrypted communications app, from WhatsApp to Wickr, not just Signal. What is apparent is that the government has a tool that can bypass encryption to get into what most people would assume are private messages. The question remains: What is that tool? It’s likely to be one of two popular iPhone forensics tools used by the FBI: the GrayKey or the Cellebrite UFED.
GrayKey, a tool created by Atlanta-based startup Grayshift, has been an increasingly popular choice for the FBI. The agency has spent hundreds of thousands of dollars on acquiring the devices, which start in price from $9,995. When Forbes obtained a leaked recording of Grayshift CEO David Miles talking in mid-2019, he said that his company’s tech could get “almost everything” on an iPhone in AFU mode. Vladimir Katalov, founder of Russian forensics company ElcomSoft, said he believed GrayKey was the tool in use in the New York case. “It uses some very advanced approach using hardware vulnerabilities,” he hypothesized. Grayshift hadn’t responded to a request for comment at the time of publication.
Cellebrite, an established Israeli forensics tech provider, has long served American law enforcement, as well as global police agencies. A spokesperson said it was Cellebrite policy “not to comment on specific customers or uses of our technology,” but added that “law enforcement agencies are seeing a rapid rise in the adoption of highly encrypted apps like Signal by criminals who wish to communicate, send attachments and make illegal deals they want to keep discreet and out of sight from law enforcement.”
In December, Cellebrite indicated it had developed “advanced techniques” to bypass Signal encryption, though Signal issued a statement lambasting not just the company but media reports that had repeated Cellebrite’s claims. In a blog post, Signal said all Cellebrite had done was “parse Signal on an Android device they physically have with the screen unlocked.
“This is a situation where someone is holding an unlocked phone in their hands and could simply open the app to look at the messages in it. Their post was about doing the same thing programmatically (which is equally simple).”
When Signal cofounder Moxie Marlinspike commented on the Cellebrite claims in December, he called it “amateur hour.” Whatever tools the FBI used in the New York case, they’re far from amateur.