The FBI was able to hack into Trump shooter's phone using a tiny hacking device. Here's how


Despite the prevalence of many ‘hacking’ devices in law enforcement agencies across the US, the FBI has repeatedly requested a “good guy back door” from companies like Apple, which has steadfastly resisted, citing consumer privacy concerns.


The FBI has successfully unlocked the password-protected phone of Thomas Matthew Crooks, the deceased suspect in the recent assassination attempt on former President Donald Trump.

While the phone’s manufacturer remains unidentified — possibly Apple, Google, Samsung, or another — it’s likely an iPhone given how prevalent the device is in the US.

Initially, the FBI struggled to access the phone, as reported by The New York Times. Authorities in Pennsylvania couldn’t unlock it, prompting them to send it to Quantico, Virginia, for further analysis.

Details on how the FBI eventually bypassed the phone’s security remain unclear, but this development highlights how sourcing evidence from encrypted devices in high-profile cases has evolved since the Department of Justice’s (DOJ) attempts to force Apple to unlock the iPhone of the San Bernardino shooter nearly a decade ago.

In a press email on Monday, the FBI confirmed their technical specialists had gained access to Crooks’ phone and were analyzing his electronic devices, as reported by 404 Media. This contrasts with Sunday’s statement where authorities indicated they were unable to unlock the phone.

The struggle between law enforcement and tech companies over encryption is not new.

In 2016, the DOJ engaged in a legal battle with Apple, seeking to compel the company to alter its iOS operating system to bypass protections on the San Bernardino shooter’s device. The case was dropped when the FBI enlisted Azimuth Security, a top hacking firm, to break into the phone.

Since then, technologies like Grayshift’s GrayKey—a device capable of breaking into modern iPhones—have become staples in forensic investigations across federal, state, and local levels.

In other cases where the FBI demanded access to data stored in a locked phone, like the San Bernardino and Pensacola shootings, the FBI unlocked devices without Apple’s help, often by purchasing hacking tools from foreign entities like Cellebrite.

GrayKey and Cellebrite are advanced tools widely used in digital forensics to access data on mobile devices like smartphones.

GrayKey, developed by Grayshift, specializes in unlocking iPhones and extracting their data. It bypasses security measures, including passcodes and encryption, to retrieve contents such as messages, call logs, and photos.

Law enforcement agencies and forensic investigators typically use GrayKey by connecting it to an iPhone via the Lightning port. Through a combination of software and hardware techniques, it exploits vulnerabilities in the iOS operating system. While effective, GrayKey’s ability to access sensitive information has raised significant privacy and security concerns.

Cellebrite UFED (Universal Forensic Extraction Device) is another prominent forensic tool capable of extracting data from a wide range of mobile devices, including smartphones and tablets across various operating systems.

Unlike GrayKey, Cellebrite UFED supports numerous device types beyond iPhones. It can bypass security mechanisms, recover deleted data, and extract various kinds of information stored on the device. This tool is employed globally by law enforcement, intelligence agencies, and private-sector forensic specialists.

Utilising a combination of software algorithms and physical connectivity to the device, Cellebrite can decrypt and analyze data from different apps, system files, and user-generated content. Both GrayKey and Cellebrite UFED are powerful and evolving tools, essential for gathering evidence within legal frameworks while also prompting ongoing discussions about privacy and security in digital forensics.

Despite the prevalence of both these devices in law enforcement agencies across the US, the FBI has repeatedly requested a “good guy back door” from companies like Apple, which has steadfastly resisted, citing consumer privacy concerns.

Apple, if compelled to hand over data, can only provide what’s stored in iCloud, which can be minimal if the user has enabled Advanced Data Protection or simply refuses to store much of his or her data on the cloud.

As the investigation into Crooks’ devices continues, it remains to be seen whether the FBI will again call for changes to encryption standards or choose to collaborate with smartphone manufacturers or acquire hacking tools independently.
