Grayshift Co-Founders David Miles, Chief Executive Officer & Braden Thomas, Chief Product Officer

Tell us a little about how Grayshift’s new Android capabilities have built on your iOS access and extraction foundation. What drove the decision to start with the latest Samsung models on the Qualcomm and Exynos chipsets, and how have customers responded?

Braden: Bringing GrayKey support to Android has been in our plans for some time, and we made this a reality in February of 2021 by launching initial support for leading Android devices. The response from our law enforcement partners has been overwhelming, and they have enthusiastically embraced this new capability. They need trusted access to admissible evidentiary data on Android devices – so we made it a top priority.

The decision to start with the latest Samsung models on Qualcomm and Exynos chipsets was driven by market share data combined with customer insights. Shortly after launch, we asked our customers to connect every Android device to their GrayKey, which allows us to prioritize and tailor Android coverage to meet their precise needs. This is a unique benefit of our online-licensed model, which enables us to deliver improvements and enhancements at the speed of the cloud.  

We engage directly with our customers throughout the development cycle by utilizing our world-class Customer Success team, direct feedback via our Beta program, and our newly formed Customer Advisory Board. Our purpose-built solution combined with our trusted relationship with law enforcement agencies is a winning formula to solve cases.

Since launch, our research and development team has been laser focused on rapidly expanding our Android device coverage. Within six months of launching our initial Android access and extraction, Grayshift has increased coverage from one model family to now 20 model families, and we continue to rapidly expand coverage. We are prioritizing the three device manufacturers that currently make up almost 90% of the mobile devices sold in the United States. Our rapid pace of delivering more value to our customers will continue. Stay tuned for future updates from Grayshift. 


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

You both worked in the cyber security industry before founding Grayshift.  How does that experience inform your focus in the digital forensics industry, and what are some key differences and/or similarities between the two industries?

David: Yes, the Grayshift Founding Team has collective decades of experience in advanced cyber security research and modern exploitation. We saw law enforcement’s need for lawful access to mobile devices during criminal investigations as critical, yet they were relying on a mixture of legacy tools and outsourced services. We had a vision to deliver an innovative product-based access and extraction solution that returns control to our law enforcement partners, allows them to preserve the chain of custody for critical evidence, and gives them powerful capabilities to access the most up-to-date mobile devices. Our background in cybersecurity research and exploitation made us uniquely suited to launch a disruptive technology to solve a problem faced by every law enforcement agency.

Braden: We focused on building a team of elite vulnerability researchers to develop our flagship solution – GrayKey. Vulnerability research is core to Grayshift’s DNA. Prior to GrayKey, this level of cybersecurity research has only been accessible to National Defense and Intelligence agencies. With GrayKey, we have broken down these barriers and made these advanced capabilities available to state and local law enforcement, helping to bring about justice and equip these local agencies with the tools needed to help serve and protect our communities. We’re proud of the breadth of our experienced team, which is evident in the velocity of the new capabilities we continue to deliver. 

David: The mission of our law enforcement partners informs the focus and direction of our company. Our solutions are purpose-built to help law enforcement and government agencies swiftly resolve critical investigations. While we are motivated by solving complex problems and delivering elegant technological solutions, the important cases that GrayKey has helped our customers solve drives us to continually do more. GrayKey impacts the lives of real people and helps to ensure public safety. It all starts with what our law enforcement partners need to accelerate their investigations involving encrypted mobile devices.

In a similar vein, since Grayshift first came to market, what’s changed? What’s the same? How did the pandemic affect strategic direction last year, coming into this year?

David: Just five years ago, our Founding team, including myself, Braden, Justin Fisher, and Sean Larsson, started Grayshift together. We had an ambitious vision to develop a product that allows law enforcement agencies and government authorities to gain lawful access to and extract digital evidence from locked mobile devices. 

Fast forward to today, our GrayKey solution is the singular technology on the market to offer lawful, same-day access (often <1 hour) to the latest iOS and Android devices, accessing and extracting all forms of data. Almost half of our GrayKey users reported more than 80% reduction in their backlog of mobile devices. Our current global footprint spans 1,000 agencies across more than 35 countries.

The pandemic has been a challenging time for all of us, yet Grayshift had a tremendous year of growth during 2020.  We have had no downward impact to our business because there is a real need for our GrayKey solution. We’ve seen 90% growth in the past year and tripled our employee base to meet the demand of a growing network of law enforcement partners. 

The growth of our team throughout 2020 was incredible, and our modern workforce demonstrated that we can be highly effective while being completely virtual. We shifted our outreach to host virtual meetings and presentations; and while we missed the in-person interaction with our customers, in many ways, we have been able to reach and interact with an even broader audience. As we have seen with the Delta variant, Covid is still with us and likely to be a challenge that we will continue to face for some time. Our business is resilient, and we will pivot and do what it takes to ensure our law enforcement partners’ success with GrayKey.

Braden: There has been a lot of interest in GrayKey since day one. Law enforcement has shared with us that GrayKey is a gamechanger. Our technology has changed the landscape for digital forensics and continues to outpace legacy forensic providers. In addition, we committed early on to being laser focused on customer success, which has allowed us to earn our users’ trust. This hasn’t changed. Our law enforcement partners applaud our innovation, speed of delivery of new capabilities, and customer support. In fact, Grayshift has maintained an impressive 100% customer satisfaction rating since inception.  

I’d like to look specifically at mobile vulnerability research such as the Checkra1n exploit. Research like this (whether publicized or not) has become increasingly prevalent in digital forensics since devices began to ship with full disk encryption. When we talk in the industry about black box solutions vs. in the wild exploits, what are some of the risks of each (particularly to user data), and what are the benefits? How do you advise customers on admissibility issues or other ways to approach attorneys and trial testimony? 

David: The digital forensics community as a whole lags behind in originating new research in the area of access and extraction. This was a large part of the vision behind GrayKey, and why we saw an opportunity to bring something new to law enforcement agencies. Checkra1n is a great example of this. Most legacy digital forensic providers ride the coattails of public open-source researchers rather than investing in research themselves. The Checkra1n research has helped drive awareness around the need for innovative approaches for gaining access to mobile devices, but it is highly limited unless the investigator using it has the passcode to the device. 

Public research is just not an effective, modern digital forensics strategy. First and foremost, published vulnerabilities are immediately outdated and often fail to support the latest, most modern devices. At Grayshift we strongly believe in the value and integrity of original research for law enforcement. As such we have invested in our direct security research and development team to deliver innovative solutions.

Braden: Some digital forensics companies are on a hamster wheel of support, which is simply a raw deal for the customer. In our industry, speed of support is critical. In fact, Grayshift often delivers initial support for a major update the same day that it is released. Open-source communities cannot match that laser focus. As a result, open-source tools often require substantial rework to be used for forensic access. Furthermore, as we’ve seen clearly with Checkra1n, mobile vendors watch developments in OSS exploit communities very closely and immediately introduce mitigations wherever possible. Relying on such tools means that you are more likely to see breakages over time.

There are inherent sensitivities of 0-days and challenges with studying 0-days, because as soon as the information is disclosed, then it will be patched. Checkra1n is a good example because it was initially touted as un-patchable, but then subsequently patched by Apple. Many mobile software vendors have bounties that exceed a $1M on the very security vulnerabilities that Grayshift leverages for access and extraction. Grayshift’s dedicated security research team ensures that our customers have the forensic capabilities and timely support for even the most modern devices.

At the end of the day, the way the extraction is obtained is irrelevant to the content of the extractions. The methodology by which we’ve extracted the data is proprietary, but the actual contents of the extraction are not – and can be shared with defense and subject to scrutiny. This Checkra1n example only further validates this, providing a limited access and view on some devices compared to what GrayKey provides on all devices.

In the current global political climate, people are increasingly asking about the ethical stances of the companies they work with. What ethical questions lie at the core of Grayshift’s business model, and how do you see the role of digital forensics vendors within the global sociopolitical sphere? 

David: Increasingly digital forensic vendors are subject to public scrutiny and criticism for licensing their technology to authoritarian regimes and within countries where citizens do not have due process and are subject to the potential misuse of the technology. Have they no shame?

Grayshift endeavors to be a purpose-driven company that operates with integrity. We absolutely will not take part in licensing our technology within countries where the individual rights of citizens would be violated. We are dedicated to the lawful, intended use of our GrayKey technology to support law enforcement agencies’ mission to:

  • Protect and to serve
  • Create safer communities
  • Ensure a fair and bias-free legal process

We take our responsibility seriously and are vigilant to ensure that our actions and relationships are principled and lawful, respecting civil liberties and privacy. As part of this commitment, we limit the availability of our technology to law enforcement and government agencies with the proper authorities and processes in place to lawfully access mobile devices. We maintain a rigorous framework for where we do business, which aligns with our mission and values.  

Grayshift only operates in countries where:

  • The rule of law is clearly established, respected, and applicable to everyone
  • Citizens are afforded due process
  • Democratic institutions provide clear protections for individual liberty

What do you see 2021 bringing to the table, and what should customers look forward to next?

David: 2021 has been our year to expand beyond an iOS-only solution and build support for Android, as we have been hard at work demonstrating during the first half of the year. With the introduction of locked LG device support in August, we have started to outpace our competition, and we expect this velocity to continue. We have wowed our law enforcement partners with new Android coverage in GrayKey nearly every two weeks. The speed at which we are innovating addresses the needs of our law enforcement partners and is disrupting the landscape of legacy forensic vendors.

Throughout our Android rollout, our secret weapon has been our ability to capture product telemetry from online GrayKey customers who have opted-in to sharing usage metrics with us. This telemetry allows us to focus our research and development team on the highest priority devices. This is especially critical in the complex and varied Android market, where we cannot just support all devices instantly; prioritization decisions must be made. This online telemetry allows us to react to and prioritize support for the very devices that our customers are connecting to GrayKey – at the speed of the cloud.  Our modern, scalable approach means we are not restricted to asynchronous customer feedback and enables us to innovate quickly.

What are your thoughts on Apple’s newly announced child safety features coming to iOS? 

David: Apple and the U.S. Government have not always seen eye to eye when it comes to balancing their customer’s privacy and security requirements with the needs of law enforcement when conducting criminal investigations. Balancing the two sides is an ongoing debate, and there are very high-profile cases over the last few years that have clearly demonstrated this. Digital forensic practitioners in law enforcement have a critical mission that involves protecting children from abuse and stopping the predators who engage in abuse of children and distribution of CSAM. With our GrayKey solution, Grayshift has helped our law enforcement partners, including Internet Crimes Against Children (ICAC), solve CSAM cases all over the United States. We understand how important these cases are and how prevalent CSAM has become in our society. The upcoming inclusion of new child safety features in iOS and iCloud is a strong incremental step by Apple, and they should be applauded for prioritizing this functionality. Identifying and stopping child predators and human traffickers is an ongoing battle, and there is much more that needs to be done.

Leave a Comment

Latest Videos

Digital Forensics News Round Up, March 27 2024 #dfir #digitalforensics

Forensic Focus 27th March 2024 6:06 pm

Digital Forensics News Round-Up, March 21 2024 #digitalforensics #dfir

Forensic Focus 21st March 2024 6:15 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles