The FBI has successfully unlocked the password-protected phone of Thomas Matthew Crooks, the deceased suspect in the recent assassination attempt on former President Donald Trump.
While the phone’s manufacturer remains unidentified — possibly Apple, Google, Samsung, or another — it’s likely an iPhone, given how prevalent the device is in the US.
As reported by The New York Times, the FBI struggled to access the phone initially. Authorities in Pennsylvania couldn’t unlock it, prompting them to send it to Quantico, Virginia, for further analysis.
Details on how the FBI eventually bypassed the phone’s security remain unclear. Still, this development highlights how sourcing evidence from encrypted devices in high-profile cases has evolved since the Department of Justice’s (DOJ) attempts to force Apple to unlock the iPhone of the San Bernardino shooter nearly a decade ago.
In a press email on Monday, the FBI confirmed that its technical specialists had gained access to Crooks’ phone and were analyzing his electronic devices, as reported by 404 Media. This contrasts with Sunday’s statement, in which authorities indicated they were unable to unlock the phone.
The struggle between law enforcement and tech companies over encryption is not new.
In 2016, the DOJ engaged in a legal battle with Apple, seeking to compel the company to alter its iOS operating system to bypass protections on the San Bernardino shooter’s device. The case was dropped when the FBI enlisted Azimuth Security, a top hacking firm, to break into the phone.
Since then, technologies like Grayshift’s GrayKey—a device capable of breaking into modern iPhones—have become staples in forensic investigations across federal, state, and local levels.
In other cases where the FBI demanded access to data stored in a locked phone, like the San Bernardino and Pensacola shootings, the FBI unlocked devices without Apple’s help, often by purchasing hacking tools from foreign entities like Cellebrite.
GrayKey and Cellebrite are advanced tools widely used in digital forensics to access data on mobile devices like smartphones.
GrayKey, developed by Grayshift, specializes in unlocking iPhones and extracting their data. It bypasses security measures, including passcodes and encryption, to retrieve contents such as messages, call logs, and photos.
Law enforcement agencies and forensic investigators typically connect GrayKey to an iPhone via the lightning port. Through a combination of software and hardware techniques, it exploits vulnerabilities in the iOS operating system. While effective, GrayKey’s ability to access sensitive information has raised significant privacy and security concerns.
Cellebrite UFED (Universal Forensic Extraction Device) is another prominent forensic tool capable of extracting data from various mobile devices across different operating systems, including smartphones and tablets.
Unlike GrayKey, Cellebrite UFED supports numerous device types beyond iPhones. It can bypass security mechanisms, recover deleted data, and extract various information stored on the device. This tool is employed globally by law enforcement, intelligence agencies, and private-sector forensic specialists.
Cellebrite can decrypt and analyze data from different apps, system files, and user-generated content using software algorithms and physical connectivity to the device. GrayKey and Cellebrite UFED are robust and evolving tools essential for gathering evidence within legal frameworks while prompting ongoing discussions about privacy and security in digital forensics.
Despite the prevalence of both these devices in law enforcement agencies across the US, the FBI has repeatedly requested a “good guy back door” from companies like Apple, which has steadfastly resisted, citing consumer privacy concerns.
Apple can only provide what’s stored in iCloud if compelled to hand over data, which can be minimal if the user has enabled Advanced Data Protection or simply refuses to store much of his or her data on the cloud.
As the investigation into Crooks’ devices continues, it remains to be seen whether the FBI will again call for changes to encryption standards, collaborate with smartphone manufacturers, or acquire hacking tools independently.
