Greyshift Sells Phone Unlocking Services

Here's another company that claims to unlock phones for a price.

Posted on March 12, 2018 at 2:27 PM • 14 Comments

Comments

MizzyMarch 12, 2018 3:04 PM

For 99% of the people I know, sadly brute forcing will work.

At least they can't mass snoop on the public by quickly extracting phone data (e.g. when going through security).

HmmMarch 12, 2018 6:06 PM

"For 99% of the people I know, sadly brute forcing will work."

Uh... you get like 3 tries, so unless you're a damn good brute..

wumpusMarch 13, 2018 11:40 AM

@hmm
for $15k, I'd expect you to be able to lift the memory circuits, make an image, then brute force the results (for values of "brute force" similar to modern john the ripper variants and presumably done on GPUs. Price might go higher depending on mining competition).

This isn't *quite* the case where "physical access==pwned", but it is pretty close.

IVBMarch 14, 2018 12:58 PM

Forbes and their anti adblock things.... guess I won't read this one. But saw it elsewhere already.
I wonder though if this is a legit service though. Now are these new phones really encrypted and not decryptable as Apple and Google claims, or not? If not then what do customers get for the price they pay here?

RealFakeNewsMarch 15, 2018 12:58 AM

@IVB:

With that latest OSX Apple changed the file system format and that way it handles WDE. I'm thinking the new system may be in response to some back-room deal to weaken device encryption?

Note, I have no evidence, but I wonder why they change the system now?

vas pupMarch 16, 2018 2:36 PM

@all (I guess related):
Blackberry modified to 'help drug cartels'
http://www.bbc.com/news/technology-43425333
"This organization Phantom Secure was designed to facilitate international drug trafficking all throughout the entire world," US attorney Adam Braverman told the BBC.
“Phantom Secure could also remove key functionality from the devices to lock them down, such as voice communication, microphone, GPS, camera, internet and messaging apps, leaving just the text functionality.”

Q1: If Phantom Secure did this without actual knowledge of users criminal intent DoJ still could charge company (user just want to protect own privacy without any collateral criminal activity)?
Q2: If such company located in e.g. China and manufactured its own highly secured phone, than you bring it in US, insert SIM card and ready to go. Are you criminal just for using such phone WITHOUT any other criminal activity on your side?
Q3: Could those feature provided by default by manufacturer and sell such device without being subject of DoJ investigation? (I am not talking about using those phones in N Korea, but in any G20 country).
Dear bloggers, Your reasonable (not emotional answers are highly appreciated).

RatioMarch 16, 2018 3:41 PM

@vas pup,

Disclaimer: IANAL.

Q1: If Phantom Secure did this without actual knowledge of users criminal intent DoJ still could charge company (user just want to protect own privacy without any collateral criminal activity)?

What would the charge(s) be?

From your article (my emphasis): [US attorney Adam Braverman said] that while almost every smartphone on the market offers hard-to-crack encryption - as well as apps from Facebook, Google and Apple - Phantom Secure should be held culpable for what the users of its services were doing. "The difference is this company was specifically-designed to aid international drug trafficking," he said.

Q2: [...] Are you criminal just for using such phone WITHOUT any other criminal activity on your side?

No.

Q3: Could those feature provided by default by manufacturer and sell such device without being subject of DoJ investigation?

See Q1.


If you’re interested, Motherboard has more on Phantom Secure:

Clive RobinsonMarch 16, 2018 6:34 PM

@ Ratio,

Phantom Secure should be held culpable for what the users of its services were doing.

There used to be rules about this to stop people who had been injured by a drunk/whatever going after the manufacture of the item that was used to cause the injury.

That is the law used to work on the principle of the "Directting Mind". However whilst manufacturers can have deep pockets those with the --supposed-- "directing mind" usually did not.

Thus the civil courts started chipping away at the rules. Now it apears that the criminal courts want to "follow the money" as well...

"The difference is this company was specifically-designed to aid international drug trafficking,"

That is going to be an interesting reach as it implies conspiracy, which in theory is easy to prove but in practice often not. Especially if the company set up business long prior to the criminal cartel purchesing "goods".

What we don't know is how many other customers there are and how long they have been purchasing Phantom Secure's products and services.

Various people involved with prosecuting companies generaly "talk a good fight" but down the line they enter intobsome kind of agreement which involves a fine and a few words of attrician etc, then it's back to business.

As a general rule a supplier of goods has absolutly no idea where they will end up or when. In part because the law alows for second hand sales and in part alows people to rent out most things.

With services it's a little different, in the past supplying a service ment human contact thus the service provider would be aware that things were perhaps not ordinary. Courts still tend to follow that reasoning. Where the courts have trouble is "where service provison is blind" that is like the mail and phone services. To get around the problem the principle of "Common Service Provision" came about. Originally it only applied to government entities, but with comnercialisation licencing. The point is that most "common service provision" is nolonger licenced but just regulated.

If Phantom can establish they were in effect "blind" to the data etc their customers sent, then they were in effect a "common service provider" which would in effect kill off the case against them.

Thus the question of how would Ramos negate the alleged evidence from the RCMP agents. That may well be easier than many would expect "entrapment" is something many legal systems are rather more cautious about than the US.

There is also the question of where the "alledged" crimes happened. They may never have happened within the formal US jurisdiction, which raises another bunch of question marks

I suspect that there are apointiees in various federal entities that are not happy with this and want it to go away. In part the FCC and it's changes to net neutrality may reflect back via the common carrier changes.

Further the judiciary has not been as favourable to FBI prosecutors in more recent times as they have in the past...

As normal insufficient information to make things less than guesswork, I'm not a betting man but if I were I think I'd spend the money on popcorn...

WesMarch 17, 2018 11:16 AM

@RealFakeNews

Apple brought in Jon Callas, who helped develop Silent Circle and SpiderOak, to strengthen the encryption a short while before the new overhauls started rolling out. I doubt there was a backroom deal.

Alpha BravoApril 18, 2018 1:38 PM

I trust you are aware that most of us can not read anything on Forbes.com, eh?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.