Law enforcement using new tool to unlock cellphones

MONTGOMERY COUNTY, Ohio — Law enforcement agencies are using a mysterious new tool to unlock criminal suspects’ cellphones and access their text messages, emails and voice messages. Some agencies around the country, concerned about security, are not even acknowledging use of the devices. Adding to the secrecy surrounding the new tool, one of the companies that makes and sells the devices to police and government agencies does not display its products on the company website.

Still, the WHIO-TV I-Team was able to get access to a device used by the Montgomery County Sheriff's Office. Isaiah Kellar, a detective in the Special Investigations Unit, was willing to show WHIO-TV how it works.

“Pretty much anything you do on your cellphone, we’re able to look at through our computer software,” Kellar said.

The device is about the size of a small tablet computer with USB connections to plug in a cellphone. Kellar said bypassing the passcode may take hours or days, allowing the phone data to be downloaded.

Dave Langos, director of the Sheriff's Office Criminal Intelligence Unit, said the unlocking of the phone can be critical to a criminal investigation, revealing where that phone has been and potentially placing a suspect at the scene of a crime.

“With the proper search warrant and so forth for the phone the information you retrieve from those is very valuable in solving cases and that has been proven over and over again,” Langos said.

Two major companies produce devices that can hack passcodes and phone security systems. The Montgomery County Sheriff’s Office uses one from Cellebrite. Another firm, Grayshift, has a model called the Gray Key.

While the devices are helpful in gathering vital information in police investigations, privacy advocates are concerned about the possibility of abuse by government agencies, employers, or anyone else with access to a hacking device.

Dale Carson, a Florida-based attorney and former FBI agent, said Congress should step in and regulate the use of the devices to guard against abuse.

“Unless there’s a physical law that says you can’t do it and if you do, this is the penalty, then they’re likely to continue to do it,” Carson said.

The maker of the iPhone, Apple, already has responded to the use of the hacking machines. The company has changed the software for its newest phones to block the Cellebrite and Gray Key devices from bypassing the user’s passcode.

Professor David Salisbury, of the University of Dayton, said the companies already have said they plan to change their hacking devices to get around Apple’s new roadblock.

“For the foreseeable future I think it’s going to be a bit of an arms race,” Salisbury said.

Will the use of cellphone hacking machines end up being dealt with by Congress?

Salisbury said it may begin there, but perhaps any new law will not be the end of it.

“I would be inclined to think there will be legislation and that legislation will be tested by somebody. That means we wind up in the Supreme Court,” Salisbury said.

The hacking devices come at a steep price. One of them, from Grayshift, costs $15,000 for limited usage. Another model runs for $30,000 and can be used to unlock an unlimited number of phones. Apple’s latest block of the device only applies to the newest phones. The Cellebrite and Gray Key devices can still bypass the passcode on older phones.