Podcasts about Grayshift

American mobile device forensics company

  • 13PODCASTS
  • 27EPISODES
  • 48mAVG DURATION
  • ?INFREQUENT EPISODES
  • Jul 26, 2024LATEST

POPULARITY

20172018201920202021202220232024


Best podcasts about Grayshift

Latest podcast episodes about Grayshift

DT Radio Shows
Eye To Eye Radio #11 Ft Grayshift

DT Radio Shows

Play Episode Listen Later Jul 26, 2024 61:38


Eye To Eye Radio is a Monthly Drum and Bass Show Produced by Paul HG Tracklist 1 Tweaks - x22 2 Kalane - Balfouri 3 Benny L - Lightning Strike 4 Boycot - On The Reg 5 Objectiv - Speak2Me 6 GLXY - Get Defeat (feat. Sparks) 7 Tryst Temps - Adrenochrome 8 Grey Code - Bodies 9 Break - All You Gotta Do 10 Molecular - Subterfuge 11 Eastcolors - Trippy 12 Universal Project - Glock (Zero T Remix) 13 Dizrupt - Currency 14 Enei - Sinking VIP 15 Ill Truth - Don't Threaten Me 16 Waeys - Stopping Turning 17 Kublai - Trippin' 18 T>I & Trex - Return To Sender 19 Creatures - Cardio 20 Wingz - Gambit 21 Crook - The Looking Glass 22 Jam Thieves - 8 Ball 23 Vibe Chemistry - Prophecy 24 Rift - Can't Stop 25 Cnof - Antidote 26 Halogenix - Lana 27 Amoss - And We Go 28 OB - Zero Sum 29 Dub Ten - Ghetto 30 Philth - The Teacher (Bredren Remix) 31 R3idy - Is This Real 32 DANEY - One Flame 33 Sydney Bryce x QZB - Let You Down 34 DA TU - Slow 35 Jenks, Muzo - Dot 45 36 Cesco - Angry Waves 37 Klinical - Around Me (Workforce Remix) 38 Monrroe - Warsaw

eye to eye grayshift
Full Access by Grayshift
Full Access to Brian Fitch

Full Access by Grayshift

Play Episode Listen Later Apr 28, 2023 39:56


Grayshift wants to allow customers to remove limitations such as inadequate computers and the need to use expensive external units. VeraKey has delivered the ability for investigators to share evidence regardless of geographic boundaries.  VeraKey is Grayshift's solution for commercial customers who want a GrayKey device, the collection tool used by law enforcement. Unlike GrayKey, VeraKey is a consent-based mobile forensic solution. It performs the same function in performing full file system collection from a device and providing that for forensic analysis. [01:50] Profile of this episode's Guest: Brian Fitch, Senior Product Manager - Grayshift Brian was instrumental in the development and release of VeraKey. He has been the Product Manager for a variety of companies. Twenty-five years ago, he started his cybersecurity career in customer support and transitioned into sales or systems engineering. [08:11] Endpoint Detection and Response(EDR) and Manage Detection and Response(MDR) EDR is what antivirus and anti-malware have morphed into today. It protects endpoints against the latest threats and gives customers information about what is happening at those endpoints. Sometimes something new can get into the system that isn't detected by anti-malware or antivirus. EDR reports against that. MDR ingests the alerts of EDR and sends them through software engineering and artificial intelligence to take out actionable security alerts for customers. [13:31] Brian's journey to Grayshift Brian had heard of the company and the positive outcomes it helped deliver, so he had been interested in joining Grayshift for a while. More and more people he knew and had good working relationships with had joined Grayshift. When a product management position opened, he pursued it and started with Grayshift last summer. [17:38] What is VeraKey? VeraKey is a consent-based mobile forensics solution offering plug-and-play functionality to perform a full-file system collection while offering simultaneous data analysis when coupled with Grayshift's new ArtifactIQ. A significant benefit is the ease with which collections can be shared, even with geographical separations in an investigation. The best feature is the ease of use. Following the workflow, the full file system is extracted. The user can opt to upload to ArtifactIQ and reach their first fact faster while performing analysis. The main difference between VeraKey and GrayKey is that VeraKey is a consent-based device only. It cannot unlock or brute force a phone like GrayKey. The companies using VeraKey have the consent of the device custodian and are usually performing a corporate investigation. [20:24] ArtifactIQ and how it works with VeraKey ArtifactIQ is a cloud based analytics tool. When VeraKey starts collecting data, it gives you the option to send that collected data to ArtifactIQ simultaneously.  Once in the cloud, ArtifactIQ pulls the most important data forward and puts it in an easy-to-read format inside the same user interface. Investigators can then review data easily and quickly. [24:59] Research from the private sector Grayshift spoke with many digital forensic examiners in the private sector while conducting research for the creation of VeraKey. Companies were adamant about protecting their employees from outside threats such as litigation of a perceived malpractice event. Commercial customers benefit from having consent for the collection, usually due to the device being a corporate-owned device or having a Bring Your Own Device agreement. [33:40] Prioritizing the roadmap for innovations Prioritization is one of the most fun and frustrating parts of being a product manager. Many organizations follow a framework such as Weighted Shortest Job First (WSJF) or Reach Impact Confidence Effort (RICE) to prioritize what problems to solve first. There's no right or wrong method for prioritization. Organizations need to determine what approach would work best for them. Brian primarily focuses on ensuring the company addresses the right problems first. CONNECT WITH DEBBIE, KARIN, AND GRAYSHIFT Debbie on Twitter Debbie on LinkedIn Karin on Linkedin Check out Grayshift online - https://Grayshift.com  Grayshift on Facebook Grayshift on Instagram Grayshift on Twitter Grayshift on LinkedIn Connect with us about the podcast at podcast@grayshift.com 

Full Access by Grayshift
Full Access to Billy Rodgers and Olin Rankin

Full Access by Grayshift

Play Episode Listen Later Apr 14, 2023 63:14


Many challenges accompany investigations on the dark web. Jurisdiction isn't the only hurdle. The investigator must also find a prosecutor who understands the investigation and is on board to tackle the challenge. With crypto, is enough money involved to get someone's attention with everything else they're doing? With a dark website, appropriately dedicated equipment is necessary. Not every agency can do that.  Learning to navigate the dark web requires time. Interacting with it is the best way to learn. Because it's so easy to download, Billy and Olin focus on teaching people how to get connected with it. Then investigations consist of taking the information found on the dark web to traditional places and hoping the criminal messed up somewhere. [00:55] Profile of this episode's guests: Billy Rodgers and Olin Rankin Both Billy and Olin are instructors for NW3C. Billy began his career as an adult probation officer in Pennsylvania, was a DEA agent for over 23 years, and now works as a high-tech crime specialist for NW3C. Olin teaches throughout the U.S., focusing on basic and intermediate instruction in classes such as Dark Web virtual currency and basic digital forensic analysis. [07:14] Billy's experience with the first-ever tapping of a website There was an individual who was selling chemicals on separate websites. When these chemicals were combined, they would create a drug. In the early 2000s, there wasn't a playbook for tapping websites. Billy was the person who forwarded everything to the agents who were working on the case. Billy had the opportunity to be part of the arrest team in Quebec for this case. This experience started Billy's interest in the nerdy part of investigating. [10:47] Olin's law enforcement career and move to cryptocurrency Olin started his law enforcement career as a desk clerk. Olin would enter all the data that had come in for service calls from the Russell Police Department's dispatch center. At the time, the calls for service were hand-written. Because he was still under 21, Olin moved into corrections for 12 years. When the county sheriff's office had an opening in the cybercrime division, he transferred there as a forensic examiner. [13:37] How can smaller agencies develop their own cybercrime divisions? The smaller an agency is, the harder it is for them to have the capital to start a cybercrimes division. Olin learned about a fund in the narcotics division where anyone convicted of a drug offense pays into a budget for the narcotics division to use for equipment. So Olin worked with Senator Bart Hester to create a similar cyber fund in Arkansas. [18:26] Funding undercover operations via a Bitcoin mining program Olin wanted his sheriff to be able to have every option on the table if they were hit with a ransomware attack.  He proposed starting a mining operation where they could utilize seized mining equipment instead of auctioning it off. The funds were used for undercover operations, prostitution stings, and dark web investigations. [21:31] Understanding cryptocurrency Cryptocurrency is a decentralized exchange medium allowing peer-to-peer and borderless payments. The software that manages different cryptocurrencies is called a wallet. The blockchain is a public ledger where all the transactional data resides. Any transaction that's ever occurred can be seen in the transactional data. Many people think crypto, like Bitcoin, is untraceable, but it isn't. There are ways in which the transactions can be followed to identify who is responsible. [29:11] What is an NFT? NFTs are also stored on the blockchain. They are designed to be specific, unique tokens representing various things. There have been money laundering cases where people sold NFTs to themselves and transferred money from one address to another. This process is also used to build the price up to scam people out of more money. NFTs could potentially become a better form of identification for people in the future to prevent identity theft and fraud. [34:03] The dark web, crime, and investigations The dark web is another form of communication. It's essentially a different browser that is more complicated to connect to, and it's slower. While the dark web isn't inherently bad, it can have marketplaces where people sell awful things. The dark web makes transactions anonymous. People don't even have to meet face-to-face. There are many types of crime on the dark web, such as drugs, child exploitation, selling stolen goods, and anything you could find in traditional crime. [56:37] What types of training are available with NW3C? NW3C.org has a complete catalog of courses available. Webinars, online training, and in-person training There are intelligence courses, financial investigation courses, courses on high-tech crimes, and something for everybody in law enforcement. NW3C also offers technical assistance Training is open to investigators, digital forensic examiners, prosecutors, and anyone in a law enforcement agency. CONNECT WITH DEBBIE, WILTON, AND GRAYSHIFT Debbie on Twitter Debbie on LinkedIn Matt on Linkedin Check out Grayshift online - https://Grayshift.com  Grayshift on Facebook Grayshift on Instagram Grayshift on Twitter Grayshift on LinkedIn Connect with us about the podcast at podcast@grayshift.com 

Full Access by Grayshift
Full Access to Teagan Kavanagh

Full Access by Grayshift

Play Episode Listen Later Mar 23, 2023 38:35


Digital Forensics is about finding the truth. Something that isn't discussed often is how sometimes the evidence doesn't add up, and people are exonerated. Data either exists or doesn't exist. Or, data existed at one point and doesn't exist now. Very rarely can something happen outside of those facts. What digital forensics can prove or disprove is crucial to the truth. E-discovery is a collaborative effort with multiple parties involved. Various stakeholders have a role to play in the whole process. People working in digital forensics need to be able to explain some of the technical terminologies in layperson's terms so that everyone can understand why an artifact is presenting itself a certain way or why something exists or doesn't exist on a device. [00:46] Profile of this episode's Guest: Teagan Kavanagh - Digital Forensic Examiner for TransPerfect Legal Solutions Teagan decided to pursue a career in criminal justice/law enforcement in college. During his senior year at Colorado State University, he interned with the Longmont Police Department, which jumpstarted his law enforcement career. Teagan had always been interested in tech, building his own PCs since he was a teenager. He didn't realize how much that experience could apply to his law enforcement career until it was needed. He utilized some of the many free resources available for law enforcement, such as a network investigations class where he learned to do router interrogations, break down IP addresses, and find hidden networks. [06:26] Teagan's role at TransPerfect Legal Solutions As Digital Forensic Examiner, Teagan works in the forensic technology and consulting branch of the legal solutions side of the company. The forensics division is a small part of the overarching e-discovery branch. In e-discovery, Teagan's job is primarily data preservation and collection from various digital data sources. [07:42] Digital forensics in the private sector vs. law enforcement Teagan's first job outside law enforcement was with a smaller, forensics vendor, Defense Forensic, where he worked with other former law enforcement. He then had an opportunity to work with TransPerfect Legal Solutions(TLS), and that seemed like the next logical move for his career.  TLS has a good mix of both law enforcement and not. Some of the team is former law enforcement, while some went to school for digital forensics and went directly into a corporate job after school. Digital forensics in the private sector works almost exclusively based on consent rather than seizing a phone and writing search warrants. When dealing with hardware, both sectors use the same tools and analyze artifacts in the same way. [13:48] Overcoming instances where someone isn't willing to provide information Trying to get a device away from somebody for longer than an hour is challenging, especially without knowing how long the process will take.  Large-scale preservation or collection matters involve over 100 devices. Coordinating time windows for each person to come in to image their devices requires a lot of logistics. Having forensics involved from the beginning of the process helps obtain the correct information to set accurate expectations later. The project is set up for failure if expectations aren't managed upfront. Managing expectations is vital to getting the job done efficiently. [20:17] The biggest challenges facing technology-related investigations With multiple parties involved, explaining some technical terminology in layperson's terms is critical to understanding. Many people have multiple phones nowadays. Sometimes those are old phones, and sometimes they are work or personal phones, and any of those could fall under the scope of the investigation. When someone buys a new device, they often transfer data from their old phone to the new one. Repeatedly doing that means more and more data must be processed. [33:20] Advice for those starting in digital forensics and those transitioning to the private sector Many high schools and colleges now offer classes and degrees in digital forensics. Free resources include podcasts, webinars, free training, and online information. Many people in law enforcement don't give themselves enough credit regarding transferable skills. Talk to people who have transitioned from law enforcement to the private sector for advice to get a better, well-rounded idea of the process. CONNECT WITH DEBBIE, MATT, AND GRAYSHIFT Debbie on Twitter Debbie on LinkedIn Matt on Linkedin Check out Grayshift online - https://Grayshift.com  Grayshift on Facebook Grayshift on Instagram Grayshift on Twitter Grayshift on LinkedIn Connect with us about the podcast at podcast@grayshift.com 

Full Access by Grayshift
Full Access to Alia El-Sawi

Full Access by Grayshift

Play Episode Listen Later Mar 10, 2023 40:53


One of the biggest challenges in helping victims of human trafficking is reiterating the importance of a victim-centered approach. When law enforcement agents are new to human trafficking, they must remember that someone is not in a sex-trafficking position because they want to be. A lot of manipulation is behind the situation, along with prior trauma that may have led that individual to their awful situation.  These cases differ from other investigations, such as drugs, guns, and gangs. They affect human lives, and these individuals will be the key to making the case. When working with these human trafficking cases, there needs to be an element of compassion while also being careful about removing biases. [01:09] Profile of this episode's guest: Alia El-Sawi - Victim Assistance Specialist at Homeland Security Investigations Alia has been a Victim Assistance Specialist with Homeland Security Investigations since 2010. Before her work with HSI, she served as the Anti-Human Trafficking Program Coordinator for a nonprofit organization called Tapestri. She has received many awards and recognitions, including Georgia Trend's “Top 40 Under 40” Georgians, Islamic Speakers Bureau of Atlanta's “Top 40 under 40”, and the Immigration and Customs Enforcement Directors Award.  [02:29] What is human trafficking? While human trafficking and human smuggling can be related, they are different. Both may involve movement of some sort. However, smuggling generally is done with the goal of the person having a better quality of life. Human trafficking consists of an ulterior motive by the trafficker to exploit the individual. With human trafficking, the individual may not understand or fully know they're being brought somewhere for an exploitative purpose. They may have been promised a job, but that job ends up looking very different. Labor trafficking is a form of human trafficking that uses force, fraud, or coercion to recruit individuals for some particular employment where the individuals end up in servitude. Sex trafficking involves commercial sex, where an individual is forced into what some refer to as forced prostitution. [11:25] Alia's role at Tapestri and journey to Homeland Security Investigations Alia started working in the anti-human trafficking field with Tapestri, a nonprofit, nongovernmental organization based in Atlanta, Georgia. At Tapestri, Alia provided direct services for survivors of both labor trafficking and sex trafficking of juveniles and adults, specifically within the various immigrant and refugee communities. Because of her work with Tapestri, Alia spent a lot of time building connections with local, state, and federal law enforcement. She referred case after case that agents could successfully present to the U.S. Attorney's Office, which successfully prosecuted. When the role of Victim Assistance Specialist opened in Atlanta, the supervisor and Assistant Special Agent in Charge approached Alia about the position. [19:00] Services available to those who have been victims of human trafficking Most of the time, Alia relies on the networks and resources she's built over the years that continue with the nonprofit world, direct service providers, child advocacy centers, and expands into the medical realm. Alia works with many medical professionals, such as behavioral health and substance abuse facilities.  Many faith-based communities are willing and eager to help the efforts by providing volunteers. Sometimes services look like anything from food banks to language access through English as a second language classes for an individual. [26:35] Staying motivated in difficult cases People ask Alia how she keeps from being depressed about such a heavy topic. She hangs on to the success stories because she knows people can escape their darkest days and walk into the light. There was one case that followed Alia as she moved from Tapestri to HSI. She saw the young lady go through the process and get the resources she needed to grow into a young lady doing exceptionally well. [30:03] The role of mobile forensics in human trafficking cases With the internet, there is, unfortunately, easier access to a variety of people. Many are recruited online through various means of social media. Social media with messaging, video, or photo capabilities are a breeding ground for trafficking and create an easier way for traffickers to infiltrate and start casual conversations with both adults and juveniles. Cell phones are a vital component of human trafficking investigations. Having the information on cell phones is the easiest way to unveil more of what's happening. [37:23] The future of fighting human trafficking Continue to raise awareness. As a country, the U.S. has come a long way in building awareness. Even globally, many strides have been taken to advance the fight. All sorts of legislation are being passed that help provide additional resources for the victims.  Dispelling human trafficking myths will help accurately detect what human trafficking is so more people can know what some of the red flags are and refer cases to help provide victims with the help they need. CONNECT WITH DEBBIE, MATT, AND GRAYSHIFT Debbie on Twitter Debbie on LinkedIn Matt on Linkedin Check out Grayshift online - https://Grayshift.com  Grayshift on Facebook Grayshift on Instagram Grayshift on Twitter Grayshift on LinkedIn Connect with us about the podcast at podcast@grayshift.com 

Full Access by Grayshift
Full Access to Bernie Lampe

Full Access by Grayshift

Play Episode Listen Later Feb 24, 2023 90:32


Our listeners want to know more about Grayshift, our mission, and the knowledgeable people who work here creating powerful digital forensics tools. Our guest today is Bernie Lampe, Vice President of Research at Grayshift, and we're talking about all things Android.  GrayKey has developed as a standout, game-changing leader in iOS access and extraction, but many people don't realize that Grayshift also supports Android devices. So this episode is dedicated to talking about the Android capabilities related to GrayKey. [01:53] Profile of this episode's guest: Bernie Lampe, Vice President of Research - Grayshift Has experience in both government and the private sector Joined the Air Force in 1999 He has presented at conferences and universities, and his research has been published. For the last several years, he has been working with government organizations on various projects, including remote sensing and vulnerability research [10:54] When did Grayshift first release support for Android devices? Bernie was hired in May 2020, and in January 2021, Grayshift released the S20 Android is meant to be more flexible than iOS. While iOS has a lineage version number, Android spider webs Since the S20, Grayshift has focused on Samsung because the company is the biggest provider of vendor Android phones Grayshift has also made its way into the Moto space [17:16] How to find good vulnerability researchers A good vulnerability researcher has to have reverse engineering skills. Code auditing experience is essential. Many people have the right things on their resumes, but they don't necessarily have a practitioner's level of working knowledge. The best people at this job are creative thinkers. [24:29] Attack surfaces have become more complicated over time A researcher has to invest a lot of time and effort into understanding a particular narrow problem set that is complicated. While there is some crossover between Android and iOS, understanding each well requires individual focus. Encryption schemes are constantly changing, and the work people did years ago is less relevant now. Someone must be deeply invested in understanding what's going on with one particular attack surface to devise techniques that no one else would know. [35:23] Some of the biggest vulnerabilities in Android Vendors have added various security and ad hoc security mechanisms that have been poorly implemented and have become sources of vulnerabilities themselves. Android has a lag time between finding a bug and perfectly patching it because of infighting between different companies or the company itself. One of the biggest problems with computer science in general in the software industry is that there are no standards. [41:07] Strategies for learning new devices The first step is finding the firmware and understanding the different pieces. The next step is researching by trying to find any open-source documentation, looking at the data, and looking at other online information about how people have approached this technology. One of the biggest challenges is knowing where to spend time in research. If a lot of information is available online, that route might not be a fertile attack surface because it has been vetted. If you can ask a question that no one has asked before, then typically, asking the right question leads to an answer quickly. [50:21] How long does it take to research and develop a solution for Grayshift to add a phone to its support matrix? The timeframe can vary from months to years. While bugs are constantly found, the bugs aren't necessarily usable. Grayshift's exploit engineering team has done an amazing job of building automated systems to port-forward bugs. If some phones are similar, they might have bugs that are portable. Support for those phones might be almost immediate. Because of fragmentation, each phone is configured differently, so they won't have the same bugs and won't be supported as quickly. The time between finding a vulnerability and actually finding an exploit can be long, but Grayshift is trying to speed that up by encapsulating fragmentation. [01:11:15] Advice for someone wanting to start a career in software vulnerability research Not everyone has the temperament for research. People need to be prepared to fail and learn from failing. Someone is always on the other side trying to pull the bricks out of the bridge you're trying to build, and then you have to start all over again. Learning how to learn is critical. The Art of Doing Science and Engineering: Learning to Learn: Richard W. Hamming, Bret Victor Richard Hamming: "Learning to Learn" - YouTube  CONNECT WITH DEBBIE, WILTON, AND GRAYSHIFT Debbie on Twitter Debbie on LinkedIn Wilton on Twitter Wilton on Linkedin Check out Grayshift online - https://Grayshift.com  Grayshift on Facebook Grayshift on Instagram Grayshift on Twitter Grayshift on LinkedIn Connect with us about the podcast at podcast@grayshift.com 

Full Access by Grayshift
Full Access to Stevie Coates

Full Access by Grayshift

Play Episode Listen Later Dec 16, 2022 75:20


This episode is part of a series to help listeners and customers learn more about Grayshift, the company mission, and the people who carry out that mission. This episode's guest is Stevie Coates, Digital Forensics Specialist at Grayshift. He comes from a long career in law enforcement as an officer, digital forensics examiner, and trainer in Northern Ireland. The way people interact and use devices has dramatically changed over the years. Phones can now store impressive amounts of data that need to be processed. Likewise, computers nowadays typically have at least two or four terabyte drives. The challenge is the time required to move data into a format that can be analyzed. When investigating officers are up against the clock, and a serious incident just occurred, they need that data as quickly as possible to act on it.

Full Access by Grayshift
Full Access to Corrina Chester

Full Access by Grayshift

Play Episode Listen Later Dec 2, 2022 58:19


Grayshift would like listeners and customers to have the opportunity to learn more about the company, its mission, and the people who work to carry out that mission. The next series of podcasts will feature Grayshifters to share their experiences and expertise. This episode features Corrina Chester, the Strategic Account Manager for the United Kingdom in Ireland. Corrina has a rich history of serving the IT and digital forensics community. She shares her background, career, how she came to Grayshift, and what she sees as a path forward for technology and law enforcement.

Full Access by Grayshift
Full Access to Grayshift Digital Forensics Specialists: Josh Carder and Matt Fullerton

Full Access by Grayshift

Play Episode Listen Later Sep 8, 2022 68:54


Listen now for Full Access to Josh Carder, Digital Forensics Specialist and Matt Fullerton, Digital Forensic Specialist at Grayshift.  Learn how Josh and Matt have taken their previous experiences in law enforcement and have applied them to help generate awareness and interest in mobile digital forensics while at Grayshift.   

Full Access by Grayshift
EP 12: Full Access to Reveal by Grayshift

Full Access by Grayshift

Play Episode Listen Later Aug 2, 2022 38:55


Episode Summary On this episode of Full Access, Grayshift Co-founder and Chief Product Officer, Braden Thomas, and Reveal Product Owner Scott Hettinger introduce listeners to Grayshift's new data analysis tool, Reveal.   You can listen to Full Access Episode #2 to learn more about Braden and the origins and creation of GrayKey, Grayshift's flagship data extraction tool for law enforcement. 

Full Access by Grayshift
EP 10: Full Access to the Grayshift Customer Success Team

Full Access by Grayshift

Play Episode Listen Later Jul 1, 2022 43:19


On this episode of Full Access meet Vice President of Customer Success, Rick Hensley and Lead Customer Success Trainer Crystal Edmonds, and get a sneak peek into some of the exciting things the team is planning for Grayshift customers soon. 

Full Access by Grayshift
Ep. 08: Full Access to Grayshift Digital Forensics Director, David Smalley

Full Access by Grayshift

Play Episode Listen Later May 19, 2022 51:09


Listen now for Full Access to David Smalley, Director of Digital Forensics at Grayshift. Smalley came to Grayshift with a background in both law enforcement and the private sector and takes listeners on the journey of his career from loss prevention officer to DF Director.

Full Access by Grayshift
EP 07: Full Access to Grayshift Grant Writer, Josh King

Full Access by Grayshift

Play Episode Listen Later May 19, 2022 44:24


Listen now for Full Access to Grayshift Grant Writer, Josh King. King came to Grayshift from the Searcy Police Department in Arkansas where he was a Police Officer for just over 11 years. King spent half of his career assigned to the Central Arkansas Drug Task Force and is now currently in Law School.

Full Access by Grayshift
Ep. 02 Full Access to the Minds Behind GrayKey

Full Access by Grayshift

Play Episode Listen Later Jan 25, 2022 52:27


Join us as we speak with Grayshift co-founders, CEO, David Miles, and Chief Product Officer, Braden Thomas. We are thrilled to learn more about their careers, the origins of Grayshift, and a few little-known facts about themselves and the company.

Full Access by Grayshift
Ep. 01 Full Access to Your Hosts: Debbie Garner & Wilton Cleveland

Full Access by Grayshift

Play Episode Listen Later Jan 21, 2022 41:22


Join us as we introduce you to our Full Access hosts, Debbie Garner and Wilton Cleveland. Learn more about their backgrounds in Law Enforcement, what lead them to Grayshift, and much more!

Peter B. Collins - Free News & Comment Feed
PBC News & Comment: Despite Apple’s Claims, iPhones Aren’t Secure

Peter B. Collins - Free News & Comment Feed

Play Episode Listen Later May 20, 2020 59:20


PBC News & Comment, 5.20.20: Despite Apple’s Claims, iPhones Aren’t Secure Atlanta-based Grayshift makes spyware that can capture numeric passwords, and Apple whistleblower says Siri hears just about everything in range….

Interview aus dem Gefängnis
Cybersecurity Special – Entsperrung von Smartphones durch die Strafverfolgungsbehörden

Interview aus dem Gefängnis

Play Episode Listen Later Apr 27, 2020 5:08


The Essential Apple Podcast
Essential Apple Podcast 92: Is the AR Future Here Yet?

The Essential Apple Podcast

Play Episode Listen Later Jun 18, 2018 57:32


Recorded 17th June 2018 Well this week it has a bit of an odd one, quite a few stories but not much of any great import. Rogue Amoeba bemoaned the state of Mac hardware, while John Martellaro thinks the omens are good for new hardware soon. Developer Harley Turan showed us some AR that looked like the sort of real world use we've imagined. Apple closed down the lightning port to increase customer security while GrayShift claim to have already bypassed this defence (but then again they would wouldn't they). Karl Madden (@Claw0101) from the Mac & Forth Show joins me and we discuss all of it and more. Why not come and join the Slack community? You can now just click on this Slackroom Link to sign up and join in the shenannigans! Essential Apple Recommended Services: 33mail.com – Never give out your real email address online again. Sudo – Get up to 9 free “avatars” with email addresses, phone numbers and more to mask your online identity. ProtonMail – End to end encrypted, open source, based in Switzerland. Prices start from FREE... what more can you ask? ProtonVPN – a VPN to go with it perhaps? Prices also starting from nothing! Fake Name Generator – So much more than names! Create whole identities (for free) with all the information you could ever need. Pinecast – a fabulous podcast hosting service with costs that start from nothing. Essential Apple is not affiliated with or paid to promote any of these services... We recommend services that we use ourselves and feel are either unique or outstanding in their field, or in some cases are just the best value for money in our opinion. On this week's show: KARL MADDEN On Twitter as @claw0101 Host of the Mac & Forth Show APPLE How Apple can fix 3D Touch – Eliz Kılıç – Medium Apple has some new Ads called “Behind the Mac” – Mac Observer Apple Maps suffers widespread search and directions outage – Cult of Mac The Future Was Posted to Twitter Last Friday – The Mac Observer Apple recruits senior Waymo engineer & NASA veteran for self-driving car project – Apple Insider On The Sad State of Macintosh Hardware – Rogue Amoeba However John Martellaro thinks the omens and portents may be looking favourable; Apple May Be Ready to Unleash a Slew of New Macs – Mac Observer SECURITY Apple acknowledges new efforts to thwart passcode brute forcing – 9to5 Mac Grayshift may have already found a way around USB Restricted Mode – Mac Rumors Private Internet Access' "No-Logging" Claims Proven True Again in Court – TorrentFreak JUST A SNIPPET For things that are not worth more than a flypast I wish I could buy Intel's cute little E Ink dual-screen PC. Part e-reader, part 8-inch tablet, the Tiger Rapids prototype is super nifty – Engadget WORTH-A-CHIRP / ESSENTIAL TIPS Overflow 3 from Stunt Software Cmd-Ctrl-Space on the Mac brings up a searchable emoji insertion panel

Craig Peterson's Tech Talk
TTWCP Radio Show- 2018-06-16 Apple Macintosh 11-year-old security hole and Apple could kill police iPhone unlockers.

Craig Peterson's Tech Talk

Play Episode Listen Later Jun 16, 2018 25:08


 Problems with Mac OS if you're a Mac user. Craig explains an eleven-year-long vulnerability and why it has not been fixed. DNA data breaches.  Craig discusses why it is such a big deal and why we have to be worried about it. Cryptocurrency is in the news again.  Craig tells you why this blows his mind. Police can unlock iPhones. (Well they brute force attack it -- so if you have a 15 number password it will take them over 200 years) Hey, you heard the police can unlock iPhone's right. Well looks like there's a new feature that might stop them. Also, ambulance chasers they've been around a long time. Well, we're going to talk about a new type a digital ambulance chasers. Do you drive a BMW car? They've been found to have more than a dozen security flaws. Craig is putting up a new membership site (Yes, it is free you just have to sign up)  On it will have all his special reports that he puts out and you will be the first to get them. These and more tech tips, news, and updates visit - CraigPeterson.com --- Transcript: Below is a rush transcript of this segment, it might contain errors. Airing date: 06/16/2018 Apple Macintosh 11-year-old security hole and Apple could kill police iPhone unlockers. Craig Peterson:[00:00:00] Hi everybody. [00:00:01] Craig Peterson here. Of course we're going to be talking about technology its impact on us what we'll be talking about security. We've got some great information here including some problems with Mac OS if you're a Mac user. This is an 11 year long vulnerability that just hasn't been fixed yet. We're going to talk about DNA data breaches I don't know if you've heard of these before but it's becoming a big thing and it's something we need to think about. We've got a cryptocurrency story this week that just blows my mind. Hey you heard the police can unlock iPhone's right. Well looks like there's a new feature that might stop that an ambulance chasers they've been around a long time. Well we're going to talk about a new type a digital ambulance chasers and BMW cars. They've been found to have more than a dozen security flaws.  [00:00:54] You know there's probably a lot more. Don't worry. Here we go. You're listening to Craig Peterson on the air now for going on 20 years. We've got tens of millions of podcasts downloads and hopefully we'll be able to give you a couple of things today that not only educate you, but I think you'll find surprising. So here we go.  [00:01:17] Well first off, we're going to talk about this hack. This is a problem that is only in Mac OS. Now we talk a lot about problems that only exist in the Windows world of course. The Android world which has been a real cesspool when it comes to security breaches and the main reason for that as we've discussed before is that people are not updating their Android devices and many times that's because you just can't update the android device, right. You buy them because they're cheap. And even if there expensive there are thousands of variations of Android because of the device drivers they're all using different components and sometimes the exact same model phone from the exact same manufacturer will have different versions of hardware in them or even completely different hardware. So, it's really difficult for these companies that are manufacturing the phones and the carriers that are further modifying the phones to keep everything up to date. Think about that, if you're Google, and you are making an operating system and you’re selling it and you’re getting blamed for all of these Android problems and in reality, the problem is there are a bunch of people putting their fingers into your code messing around with it in order to make it compatible for their customers right. So, think about that for a sec you’ve got the android device so you are shipping it now to some door operating systems are you shipping now to some device maker that’s going to take your operating system and put it on their device well the devices all vary in the CPU in the speed that think about the displays they’re all different.  [00:03:01] The way you touch them to interact is actually different. Those are all different device drivers. You also have, of course, the cellular data modem that might be in there to get data you’ve got the Wi-Fi chipsets. There’s a whole ton of pieces and they’re all buying them from more or less the same manufacturers depending on what it is but they’re having to modify it. So now your Google operating system your Android is being modified by the device manufacturer who now is going to ship it off to your carrier. So you have a contract with who with Verizon with T-Mobile, Sprint whoever it might be. So, they’re going to want to get their fingers into it too. They’ll do a few little things they might be using specific band frequencies, for instance, for your internet. And in fact, that’s true for Wi-Fi as well because depending on where you are in the world there are different frequencies sets different bands for the Wi-Fi. [00:03:57] So now you’ve got the manufacturer, who has modified it, you've now got the ISP or the phone provider the carrier who's modifying that device and shipping it out. Many times, You'll also find that the people who make the component hardware for the device will also be modifying that device before they ship it out. So, the list kind of goes on and on. The people who have the fingers in it. So, now your Google, you found a security problem. Now what are you going to do about that security problem. How are you going to get your code out there, while you're going to make effects or patch and you're going to send it to the device manufacturer. Now the device manufacturer says you know we haven't sold that phone and years. OK. So, we've got other things we have to do. We have our people now working on the next release of the next greatest phone. So, they're not going to make an update for your phone. And the same thing with the component manufacturers they're not going to have an update for some old chip that they manufactured years ago. And even if it's a fairly recent chip and they do provide an update, it's got to go back to the manufacturer who now has to integrate it and then distribute the changes, right. And then it has to go back to the carrier who sold you the device who no longer has a relationship with you potentially right you might switch carriers. How are they going to get their changes in how they're going to get out to you? So, it's very, very, difficult in some cases. Google can send out patches directly to you. You can get them. You know you've got to Google Play store and you can get various types of updates and stuff from there directly from Google. But it's a real, big problem and that's one of the biggest problems we have right now in security. Certainly, the biggest problem in mobile security now. Apple has been known to be rather safe and secure because it was designed that way from the start.  [00:05:55] Remember the whole Internet thing started in government and in academia and the big guy out there in academia who had a lot of operating system technology was AT&T and they had something called Unix and Unix was designed to be able to run on all of the different hardware AT&T had and that's a lot different hardware. Think about the big old phone companies. They had old machines new machines they had machines that were huge main data processors they had other machines that were teeny tiny sitting right by a Pole pack then couldn't really put one of them on a pole very easily, but you know you could it happened. [00:06:35] And so they had this operating system called Unix that worked really well. While UC Berkeley University of California Berkeley took some of those concepts, licensed some of that software the version 7 Unix, back in the day, and they ran with it and they started adding in more ability to have networking. Now think about this for a minute, in your school system our university system. You also have the same types of problems AT&T has had plus a few more because you also have a lot of pieces of equipment that you have to make and modify maintain [00:07:13] Run different software on and at the same time. Now you have a new problem which is you have all these students that want to hack in and change their grades, right and do all of the stuff you might not want them to do.  [00:07:26] So, it becomes a little bit of a problem. So, guess what. AT&T and UC Berkeley particularly Berkeley they built in a lot of security. They designed the Internet, basically. And because of that Internet implementation let's put it that way they didn't really design it, but they certainly implemented it but because of that implementation and its security you now had an operating system called Unix back in the day that was very secure it was ready to go. And then you had a Torval, come along and he went there and made his own Unix lookalike and called it Linux and it doesn't have all of the same safety features. But it has much of the same thinking that was there in the original Unix’s of the world. So, fast forward to Apple, Apple had its operating system that was frankly kind of a toy it ran on some of the Mac’s number of those little boxy ones way back when. But it wasn't a great operating system and it wasn't something that could really build on to a lot of good things with it had its advantages. I can already hear you. Here come the text messages right. You know already here you're talking about it but in reality, they needed something a lot better. [00:08:42] And so that's what they did. They took Unix. [00:08:45] In fact it looks like what they did is it took free BSD looking down on the kernel and they were able to put their windowing interface on top of it. And you know there's times actually to a couple of other companies. Steve Jobs had some involvement with but. We're trying to make this simple right. This is not a history of Apple computers. What I'm trying to explain why they are more secure than Windows and so they took all of this wonderful code that was designed to be secure. They put a window in interface on it and out they go. They had a very good very productive operating system. Well one of the things that they did to make it more secure and they added on was that the applications became signed applications. So, a developer would sign an application and you knew now that the developer had basically approved it said it was good and Apple would sign them so that you knew. Yes, indeed this was reviewed by Apple and it was something you should pay attention to. You don't have to worry about any more of the machine automatically just accept the software, and if there are problems of course the machine will pop up a little warning saying well the software is not signed I don't recognize it and unless you change some settings it will not lead to install that software. While there is a bit of a problem here because Apple, remember they changed their processors. Now they're using Intel processors. They may actually be switching processors again within the next year or two, but they changed to Intel processors from the power PC stuff and I love PowerPC stuff.  [00:10:26] It was really, really, good but they changed their processors, so they had to have these universal wineries so developers and Apple themselves or write software that would run on the Old Power PC architecture or it would run on the new Intel architecture. How could it do that? Well, that actually kept both binary as both programs in one program. So, the operating system would start to run the program it would launch a program it would look at it and say Oh, okay I'm a PowerPC I am going around the PowerPC code or Intel so I'm going around the Intel code and that makes sense to you. It was actually a great little idea and it worked really well. The problem that has surfaced now is that for the last 11 years since they put this whole thing in place we've had a we've had a real problem and that problem is that Apple apparently was only checking the very first binary for a signature. Isn't that a problem. It sounds like a problem to you. So, all a hacker had to do was put in a binary into you know into this little package and that binary just had to contain the one signed piece of code. That's all it needed was one signed piece of code and off it went to and the rest of the code could actually be nasty, nasty, nasty, so keep an eye out. Don't install software that is that you don't you don't know where exactly where it came from because it could end up biting you and in a very big way the signature check bypasses. These are these are very big deal so watch out for that  [00:12:16] This next one is very controversial frankly. What should you be able to do, if you were the police or the FBI, should you be able to monitor someone's private communications. Well we know the Constitution lets us be safe right to keep our private papers and other things. And I think that all makes a whole lot of sense. But when we're talking about the digital world should the government have a back door. Now this debate has raged on for a very, very, long time. I mean crazy, long time. Certainly, my entire career in computers and technology with encryption. So, the police right now have a way to unlock iPhones and not all of the police departments have this. But there's some technology that they can license, and they can buy a little box, they can ship an iPhone overseas and for as little as 15 hundred bucks they can get the contents of the iPhone. And I can see absolutely see how on in some cases on occasion they could catch criminals that way they could stop something really nasty like a terrorist attack right. And you can probably see the same sorts of things. Well, this is an interesting problem because you have civil libertarians on one side saying no they should not have access to them.  [00:13:46] But, they kind of do, and the way they have access to your iPhone right now is because of a bug, if you will, Right. A loophole, maybe is a better word, and it’s in the iPhone hardware and software that all iPhone’s have. Basically, it’s a USB connector on them, and that connector, when connected up, can be used to start a diagnostic session with the phone. That’s what they use at the Genius Bar, in order to work on your phone to fix it, Right. They use that little port whether it's the old 30-pin or whether it's the brand-new connectors or the new ones apparently next year are going to be USB-C based. So, they use that in order to get into your phone and check it out and fix things. Well there is a problem here. There is a company called Grayshift, and you know they've been out there. They have a product called Greykey and there is an Israeli firm called Cellebrite. They've been using that port on your iPhone in order to break into the iPhone. Now back in the day it was pretty easy to break into nowadays it's really nowhere near as easy. So, what are they going to do. [00:15:04] Well, Apple in its iOS beta releases since 11.3 has had a little feature that's built into it and that feature is that when you connected to a USB accessory the phone has to have been unlocked within the last 60 minutes. So, if you go into the Apple store for instance and they want to run some diagnostics they can't just take over your phone anymore. You now have to log into your phone and once you're on your phone then they can plug into that port right now, it doesn't have to be unlocked at the time you give it to, them but it will have to have been unlocked within the last hour. Now that means that this is probably going to break GrayShift's products that are being used by police departments, worldwide, in order to hack into your iPhone. You know is that a bad thing or is that a good thing. You know I work on security and I've worked with the FBI on hacking and I run the FBI’s webinars to keep the Infragard people up to date. Right. The Infragard webinars. So, how does this impact them while I think it might impact them in a very, very, big way. This might kill those products, entirely, unless the company comes out with products that are literally there in the police car or are there in the FBI vehicle that allows them to grab the phone from the bad guy and hope for the suspect let's say, and hope that that phone has been unlocked within the last hour and then they're off and running.  [00:16:51] So, this one-hour timeline a major change from earlier tests where the time limit was a one-week period.  [00:16:59] But it is significant because Grayshift, had been advising its customers to simply make sure they unlock the iPhone soon after obtaining it. And that's according to some documents that motherboard was reporting on earlier this year. So, it's easy to do within a one- week time limit harder to do with just an hour. This also means to you, that if your phone gets messed up you're not going to have as many options when it comes to having the Apple guys or your tech people go ahead and help fix your phone, Right. So, don't lose that passcode, right. Important safety to remember. As I've been talking I've had some text messages come in. People are wondering here IOS not IOS users but Mac users OK. They're wondering about that 11-year history.  [00:17:52] So just to make it clear for those who might have missed a little bit of it and I'm going to delve into it just slightly more. Right now. [00:18:00] There are the vulnerability is primarily at third party software here that we're talking about. There are at least eight security tools that are known to have this vulnerability and it does not affect IOS. This is only your macs and one of the tools that does affect is one that I use, every day is called Little Snitch firewall and it's a great piece of software, but it also gets fooled. So, this universal file is also known as a FAT problem does exist, but it really only exists on the Apple Macintosh computers. And I'm sure it'll be fixed pretty soon. All of these developers now are aware of the problem and they're going to be fixing it, frankly. This next one here. This is kind of, I'm kind of this is this isn't a weird category I guess as a way to put this. We've had ambulance chasers probably since the days of lawyers, right. Since the very first lawyer anyone ever had these guys and gals that are out there looking for people who have been injured and then trying to help protect their rights and help them claim some money against whoever might have wronged them. All right, that makes sense I can see that. Well this is a little different because now you have a smartphone with you when you go online. That smartphone is showing new advertisements right. And your smartphone also has built into it a GPS. So, your smartphone knows where it is. How many of you can figure out where I'm going with all of this.  [00:19:47] OK, well many people who are in emergency rooms or chiropractor's offices or pain clinics in the Philadelphia area or their area excuse me maybe start noticing their phones. The kind of messages that are directed at you because you're an emergency room or to pain clinic, OK. You're only getting fed the ad because somebody knows that you are in an emergency room. So, it's kind of like an attorney putting a digital kiosk inside of an emergency room when you get on the phone you're going to start seeing ads from Attorneys. So, this is kind of interesting. It's grabbing what's known as a phone I.D. from Wi-Fi cell data or an app using GPS. Yes, and the ads can show up for more than a month and on multiple of your devices, as well. Now the Massachusetts Attorney General, Maura Healey, said here's a quote from her “private medical information should not be exploited in this way especially when it's gathered secretly without a consumer's knowledge without consent as well”. OK so, Healey's office the first one in the country to go after geo-fencing technology that's being used to catch people while they are seeking care. So, this is going to be really kind of interesting, Mass also reached a deal last year with a Massachusetts based digital advertising firm that was sending advertisements from a Christian pregnancy counseling and adoption agency to people who entered Planned Parenthood clinics. So, when patients go to the clinics they cross a digital fence as these GPS fences you've heard of them, I use them all the time myself personally to remind me to pick up stuff when I’m at store and they'll soon get an advertisement such as you have choices click here for pregnancy help.  [00:21:57] So, interesting now in Mass they're saying that those ads violate their consumer protection laws. Other states probably don't have the same thing. OK, we can go for a real quick roundup here now. Couple of things I want to get to before the show ends. We've all heard about AI or artificial intelligence and what it's going to be doing. Well MIT fed data from Reddit which is an online bulletin board into an artificial intelligence and that this is just kind of nuts. You know if you have ever seen EXMachina, It is a great movie but our robot even very, very, interesting they ended up calling this AI Norman. As Norman Bates. Because all he could think of was murder, OK. It's crazy they fed it those inkblots right. The Raw Shark Texts and it was just, murder, murder, murder. Kind of crazy cryptocurrency trading app, Taylor, says all other funds have been stolen in a cyber attack. If you didn't need yet another reason not to get involved with these cryptocurrencies. And speaking of that Cayman Island startup has just raised four billion dollars without any product. And what were they raising it with. You guessed it this is they have a blockchain platforms called block 1.  [00:23:32] It doesn't have a product, Live yet. You should see a picture of this guy. I'll have to make sure it's on my website. But, he looks like he's 10 years old that was running this thing. It's not a great time to be investing. In fact, most of the blockchain currencies are really losing a lot of their value. BMW car computer systems have been found to contain at least 14 separate flaws. This is according to a cybersecurity lab out of China. They allowed hackers take at least partial control of the affected vehicles, and BMW is saying, that that does not allow them to control any of the driving systems in the car. So, that's probably good news. And we had a DNA data breach. This is crazy. The DNA testing service, My Heritage revealed that hackers had breached 92 million, of its accounts. Hard to say exactly what they got, But this is bad news because that data is there forever, and it is not like a password that you can change your DNA is your DNA. Have a lot more podcasting make sure you check that out online. You can find it all at Craig Peterson dot com SUBSCRIBE LEAVE A COMMENT Craig Peterson dot com slash iTunes. I've been doing pretty much daily podcasts. Well until next week we'll see you in the online space I'll make sure I send out any alerts if there are known major problems during the week. Take care and I’ll Talk to you, later, Bye, Bye. --- Related articles: For almost 11 years, hackers could easily bypass 3rd-party macOS signature checks No one is updating their Android devices, new data shows Apple Is Testing a Feature That Could Kill Police iPhone Unlockers Digital Ambulance Chasers? Law Firms Send Ads To Patients’ Phones Inside ERs Cryptocurrency trading app Taylor says all funds have been stolen in a cyber attack. MIT fed an AI data from Reddit, and now it only thinks about murder A blockchain start-up just raised $4 billion without a live product BMW cars found to contain more than a dozen flaws Why a DNA data breach is much worse than a credit card leak New asteroid gold rush ‘could earn everyone on Earth £75 billion’ More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Message Input: Message #techtalk Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553

The iOS Show
TiOSS 356 - Post-WWDC Comedown

The iOS Show

Play Episode Listen Later Jun 16, 2018


Apple plans to disable GrayKey box, Grayshift doesn't care, 2019 iPhones with USB-C, solid-state buttons on Apple Watch, and more on this week's episode of The iOS Show! Show notes can be found at theiOSshow.com. If you have any questions, comments, or feedback, send an email to feedback at theiosshow.com! Sponsored by LinkedIn: Go to LinkedIn.com/TIOSS and get a $50 credit toward your first job post! Sponsored by Molekule: The only air purifier that actually destroys pollutants. For $75 off your first order, visit molekule.com and enter the code TOSS at checkout. read more

All Jupiter Broadcasting Shows
Tech Talk Today 274

All Jupiter Broadcasting Shows

Play Episode Listen Later Apr 30, 2018 26:36


The tragic story of Eric Lundgren, someone is trying to extort GrayShift, and scientist have buckets with living pig brains.

tech talk jupiter broadcasting eric lundgren grayshift
Space Javelin
SJ084: AirPort departure, Intel delays, Grayshift karma, armchair punditry, Florida Man and more

Space Javelin

Play Episode Listen Later Apr 30, 2018 59:41


Technically it was kind of a slow news week, cadets, but that just gives the trusty crew of the Space Javelin more time to dig in deep and pick fights with the locals! Grayshift discovers that payback's a ... um, bear ... Apple officially kills off its AirPort lineup, Intel delays Cannon Lake (again), but the Supremes (the judges, not the singers) come through for patent holders. There's a few security alerts to hand out, and figures to go over, so remember to bring your astro-sliderules, cadets! Also on this week are mysterious surges in both Apple TV viewing hours and our podcast download figures (coincidence??), Lexus gets wise to CarPlay, Bandsintown adds Apple Music, Spotify sets out new lures, iTunes (and Apple Music) arrive for Windows 10S users (both of you!), Mike and Charles take apart a bunch of oddball stories and seedy claims, examine some recent cool hardware, and lambaste Amazon's newest, dumbest plan to break into your personal space. Yeah, pick a fight with Jeff Bezos! Brilliant plan! Stock up on space popcorn, we're rare wild Pokemon now!

MashTalk
Apple vs. the FBI never ended, and the FBI is winning, with guests Joseph Cox and Joe Hall

MashTalk

Play Episode Listen Later Apr 27, 2018 34:08


If you own an iPhone, you should be concerned about GrayKey. That's the name for a new kind of device that's becoming increasingly popular with law enforcement agencies across the U.S., according to recent reports. It's popular because it unlocks iPhones protected with a passcode, even ones running Apple's most recent software, iOS 11. GrayKey is the product of Grayshift, a security company based in Atlanta that was co-founded by an ex-Apple security engineer. The device itself is a nondescript black box with two Lightning cables sticking out. But once you connect a locked iPhone, it can somehow bypass Apple's built-in protections against repeatedly attempting to guess the phone's passcode -- effectively letting users "brute force" the code and get in after a certain amount of tries. A four-digit code becomes practically useless, and a six-digit code might take a few days to crack at the most. Phone-cracking technology has been around since people started keeping sensitive information on phones, but in recent years the security pendulum swung hard in the direction of the user, with improved encryption techniques and widespread adoption of it by Apple, Google, and other big tech companies. As a result, law enforcement decried the emergence of "warrant-proof" devices and complained that important communications were now inaccessible, resulting in intelligence gathering was "going dark." With GrayKey, it definitely looks like the pendulum is swinging the other way. Thanks to the reporting of Motherboard journalist Joseph Cox, we know that local law enforcement across the country are buying the device, which costs as little as $15,000 (plus a subscription to Grayshift's service) -- expensive to the individual, but to a police department, much less than a single squad car. Federal agencies are looking to procure the device, too. Cox joined the MashTalk podcast this week to discuss GrayKey, how it works, and the implications of it in the ongoing tug of war between digital security advocates and law enforcement. Joseph Hall, the chief technologist of the Center for Democracy and Technology, a Washington, D.C.-based group that advocates for civil liberties around digital issues, also guests to break down what this could mean for technology policy. One of they first questions we tackle is whether or not GrayKey is actually a good thing? If it's only used when cops have a legitimate warrant to search the contents of an iPhone, doesn't that restore the status quo pre-encryption and ensure they can get the evidence they need to catch criminals? That may be true, but Hall points out that clearly GrayKey takes advantage of some heretofore unknown exploit, which could be leveraged by other parties. And even if others don't discover the flaw, there's not much stopping oppressive regimes, banks, or anyone else with $15,000 to burn from procuring one of these boxes, too. "We have no indication that Grayshift is going to sell these devices only to U.S. law enforcement," said Hall. "They, like any other business that does this, have to ask themselves: How far is too far? What regime is too antithetical to your own principle that you won't sell the devices to?" That would have grave implications for device privacy worldwide. Still, there's hope. As Cox says, the emergence of GrayKey (and other technologies like Cellebrite) means the balance between hacking devices and securing them has shifted, but that doesn't mean it won't shift back. Apple almost certainly has one of these boxes, Cox says, and surely a future iPhone or version of iOS will have better defenses against them. "Eventually when it does get fixed, because presumably it will, there will be another lull," Cox said. "There will be a point where the hackers are trying to catch up again." But does GrayKey betray the existence of a larger problem that needs solving? Just this week the infamous case that pitted Apple against the FBI two years ago was back in the news when research by former Microsoft Chief Technical Officer Ray Ozzie was highlighted in Backchannel: a way for iPhones to have an extra set of encryption keys, stored securely at Apple HQ, and only accessible with a valid warrant on a specific device. It's essentially the backdoor into iPhones law enforcement has been asking for, but it's likely untenable. Ozzie's proposal was eviscerated by the infosec community, and Hall dismisses it as old news. "Having mandates in the laws to have backdoors is just a really bad idea," said Hall. "We know that these devices have flaws, both hardware and software flaws, so use those to find the way. It's not going to be like a light switch -- you can't just turn it on and collect content willy-nilly... it's more something where you develop a capability, and you cultivate that ability. And when you can't do it internally, you may have to rely on the market. In that sense, it's good." As uncomfortable as it may be to face, the security arms race between Big Tech and law enforcement may be the worst solution -- except for all the other ones.

Apple Context Machine
Amazon Cyberpunk, Tim's State Dinner, GrayShift Pudding - ACM 459

Apple Context Machine

Play Episode Listen Later Apr 25, 2018 53:01


In this episode, Bryan Chaffin and Jeff Gamet talk about how Amazon has quietly become the Cyberpunk king. They also discuss Tim Cook’s choice of dinner companions for the White House’s state dinner, and how Grayshift’s data breach is the proof in the pudding that backdoors and cracks get mishandled.

Tech Talk Today
Tech Talk Today 274

Tech Talk Today

Play Episode Listen Later Apr 23, 2018 26:36


Windows 10 users are getting a big update, but we're a little unimpressed, the tragic story of Eric Lundgren, someone is trying to extort GrayShift, and scientist have buckets with living pig brains. Also - how GEDmatch was helpful in busting the Golden State Killer. Plus the new horrible truth we just learned about online dating... All live from LinuxFest Northwest with special guests! Special Guests: Allan Jude and Chase Nunes.

windows tech talk golden state killer gedmatch linuxfest northwest eric lundgren chase nunes grayshift
Space Javelin
SJ078: Peter Cohen, Stephen Hawking, iPad & MBAir talk, Theranos, Amazon recall, Pwn to Own, more

Space Javelin

Play Episode Listen Later Mar 19, 2018 59:06


A very special episode this week, cadets, as Mike has had to go below decks for the first time in a very long time -- leaving Charles in charge (you've waited 78 episodes for that joke, haven't you) with only his special guest and fellow MacCentral.com alumni, Apple and tech news journalist Peter Cohen to help out with analyzing the week's top stories. Before that, though, we celebrate the life -- and dedicate this episode -- to Dr. Stephen Hawking, Master of the Universe. With the help of the ship's cafeteria chip lady and ace reporter Malcolm Owen, among the stories the crew cover this week are a huge bio-med scandal from Theranos, the Apple announcements of both the WWDC dates and a surprise educational event in less than two weeks (both with the potential for new hardware), Google Lens coming to the iOS Google Photos app, and Android Wear becoming "Wear OS by Google" ( because you can just never say "Google" enough, apparently). Also covered are some new exploits from the Pwn to Own hacking competition, a first look at a iPhone-unlocking mobile kit from Grayshift, a powerbank battery recall from AmazonBasics, and -- surprise! -- Mike returns via a leftover Engineering Department report from last week looking at a Mantiz eGPU enclosure and a 1TB PCI-E external Thunderbolt drive from Sonnet. We've had many adventures of late, cadets, and there's more coming next week ... and beyond!

Kurz informiert – die IT-News des Tages von heise online
Kurz informiert vom 06.03.2018: AKW Beznau, iOS 11 Unlock, PCs schützen, Maker Faires 2018

Kurz informiert – die IT-News des Tages von heise online

Play Episode Listen Later Mar 5, 2018


Schweizer AKW Beznau nahe deutscher Grenze darf wieder ans Netz Drei Jahre nach der Entdeckung von fast 1000 etwaigen Schwachstellen darf Block 1 des Schweizer Atomkraftwerks Beznau unweit der deutschen Grenze wieder ans Netz. Der Betreiber habe detailliert nachgewiesen, dass die Aluminiumoxid-Einschlüsse im Stahl des Reaktordruckbehälters die Sicherheit nicht negativ beeinflussten, teilte die Nuklearaufsichtsbehörde ENSI mit. Beznau 1 ist einer der ältesten kommerziellen Reaktoren der Welt. Zweite Forensikfirma will iOS-11-Unlock besitzen Ein US-Start-up namens Grayshift verspricht einen Unlock für Apples jüngste iPhone-Modelle. Die Firma, die offenbar von ehemaligen Vertragsarbeitern der US-Geheimdienste gegründet wurde, wäre nach Cellebrit aus Israel das zweite Forensikunternehmen, das Unlock-Dienste für iPhone X und Co. Anbietet – gegen mindestens 15.000 US-Dollar. PCs und Notebooks vor Angriffen schützen Wer einen PC oder ein Notebook besser gegen Angriffe schützen will, muss Risiken richtig einschätzen: Die schärfsten Sicherheitsmaßnahmen nutzen nichts, wenn an anderer Stelle Lücken bleiben. Die meisten Angriffe auf Computer erfolgen über unsichere Passwörter, Phishing-Mails, Browser, Anwendungsprogramme und Betriebssysteme. c't erklärt in Ausgabe 6/18, welche Schwachstellen in Hardware und Firmware lauern und wie sich Gefahren eindämmen lassen. Maker-Faire-Saison 2018 beginnt. Im März startet die neue Maker-Faire-Saison mit der dritten Auflage der Maker Faire Ruhr durch. Am 10. und 11. März gibt es wieder Steampunk-Atmosphäre und Experimente zum Nachmachen in der DASA Arbeitswelt Ausstellung in Dortmund. Insgesamt stehen für sieben große Maker-Festivals und fünf Mini Maker Faires die Termine bereits fest, von Kiel über Berlin und Hannover bis nach Wien. Dazu kommen samstägliche Schnuppertage in Buchhandlungen. Alle Maker Faire Termine und weitere aktuellen Nachrichten finden sie auf heise.de