This is not a third party review of the effectiveness of this product.
Since they only supply devices to law enforcement, I doubt anyone will find such a review, but I don’t think that means we should believe the product doesn’t work, at least in theory it sounds quite feasible to me. There is some information available online given by law enforcement saying that the product does work, personally I think this is enough that we should believe it does work.
While I do agree with you, not everyone will agree on the authenticity of a particular source. I guess there is simply no way to be certain what their capabilities really are.
If encryption doesn’t matter to them, then at least one of these statements must be true of every phone they unlock:
The device wasn’t actually encrypted.
The device was already in a decrypted state and we bypassed the screen lock and not drive encryption.
We acquired the decryption keys somehow.
We have technology that can break modern encryption without learning keys from another source or brute forcing.
We have enough processing power to brute force a modern encryption algorithm.
#1 and #2 are possible because government contractors lie all the time about what they actually do. Pretending to decrypt stuff isn’t outside the realm of possibility.
#3 is the biggest concern, especially if they are able to infer what the key is by uncapping silicon or something, because that would mean that any phone that could be unlocked by this company is as good as unencrypted since the device contains the keys in a retrievable format for some reason.
#5 and #6 are pretty much impossible, and such abilities would be far more profitable if used for just about anything but unlocking phones.
Welp, encryption is optional boys and girls.
No it isn’t as it is the default and can not be turned off (that’s good)
Did you read the article? It doesn’t matter if you have encryption, they can break it in under a day.
That’s not an article. That’s sales pitch.
Are you implying the post title is inaccurate? If so how?
Just look at the incentives. A company trying to sell a product is going to promise everything.
This is not a third party review of the effectiveness of this product.
So I do not believe sales pitches without evidence
Since they only supply devices to law enforcement, I doubt anyone will find such a review, but I don’t think that means we should believe the product doesn’t work, at least in theory it sounds quite feasible to me. There is some information available online given by law enforcement saying that the product does work, personally I think this is enough that we should believe it does work.
https://www.imore.com/iphone/documents-reveal-exactly-how-much-iphone-hacking-tool-graykey-costs-law-enforcement-including-subscription-costs-company-boasts-turbo-brute-force-feature-for-ios-that-can-access-locked-iphones
https://www.imore.com/unredacted-graykey-nda-outlines-instructions-given-law-enforcement
Yes this one is from the manufacturer but it does have more detail in how the device helped in individual cases if you are to believe what they say: https://www.grayshift.com/wp-content/uploads/101921_eb_Grayshift_AccessToTheTruth_V2-1.pdf
Strong statements require strong evidence.
You should always evaluate opaque claims using multiple sources that have different vested interests
https://discuss.grapheneos.org/d/12848-claims-made-by-forensics-companies-their-capabilities-and-how-grapheneos-fares
Vs
https://www.theverge.com/24199357/fbi-trump-rally-shooter-phone-thomas-matthew-crooks-quantico-mdtf
While I do agree with you, not everyone will agree on the authenticity of a particular source. I guess there is simply no way to be certain what their capabilities really are.
True but that isn’t a reason to give up. We need stronger encryption
If encryption doesn’t matter to them, then at least one of these statements must be true of every phone they unlock:
#1 and #2 are possible because government contractors lie all the time about what they actually do. Pretending to decrypt stuff isn’t outside the realm of possibility.
#3 is the biggest concern, especially if they are able to infer what the key is by uncapping silicon or something, because that would mean that any phone that could be unlocked by this company is as good as unencrypted since the device contains the keys in a retrievable format for some reason.
#5 and #6 are pretty much impossible, and such abilities would be far more profitable if used for just about anything but unlocking phones.