UK Police are Buying Hacking Tech to Access Locked iPhones

At least three different English police forces have apparently spent thousands of pounds on new iPhone hacking tech. Lancashire, Derbyshire, and Nottinghamshire have purchased licenses for GrayKey, a company that can unlock everything up to iOS 12.

The UK Police’s New Hacking Tech – The Full Story

Three UK Police Forces, Lancashire, Derbyshire, and Nottinghamshire were found to have purchased hacking tech to give them easier access to the iPhones related to criminal cases. The licenses purchased are for an iPhone unlocking device, GrayKey, from a US-based company called Grayshift.

The box allows officers to gain access to the messages, photos, and activity logs of iOS devices, even those running iOS 12.  The problem here is not the police purchasing this tech. All three forces have been clear in stating that GrayKey will be used to support ongoing criminal investigations only. The issue is with the transparency of these forces during the time they bought the tech.

Before the bills and documents linked above were uncovered, no one knew that they were underway. According to Scarlet Kim, a Legal Officer at Privacy International, the problem is that secret purchases of this caliber mean the police force don’t end up implementing “baseline safeguards” to ward against possible abuse of the tech in the future.

In other words, the main fear is that a lack of transparency will make it easier for the hacking tech to fall into the wrong hands. If the public doesn’t know this tech exists, why would it know if the tech falls into the wrong hands?

What is Grayshift?

The first time the public heard about Grayshift and its iPhone breaking box was in March 2018. At the time, Forbes was the first to report on this mysterious hacking tech. Apparently, Grayshift offers an online and offline version of its software. The online version, which is limited to only 300 hacks, costs around $15,000. The offline version, i.e. the GrayKey box, costs double that amount and has unlimited uses.

The technology makes use of a vulnerability found in all of Apple’s iOS version. However, Grayshift has never discussed which vulnerability it exploits.

GrayKey – The Hacking Tech in the Thorn of Apple’s Side

GrayKey id able to unblock all of Apple’s iOS versions, including iOS 12. This, obviously, is not good for Apple, especially since no one knows what the vulnerability this tech exploits is.

Grayshift markets itself as a cybersecurity firm that aims to “support local, state and federal government agencies for the purposes of accessing mobile platforms to enable digital forensic analysis”. However, further digging shows that the firm is, in fact, a Security Research Consulting company. This is terrifying, as the lack of regulations towards such tech could mean drastic setbacks in online privacy if bought by a private company. What’s worse is that no one knows who Grayshift’s customers are or how to contact the company in the first place.

Grayshift’s website requires a log-in to see anything but their logo and key message. This suggests that there might be a different way of communicating with the company in the first place.

The UK Police’s New Hacking Tech – Final Thoughts

Let us be honest, it is important for the police to have the ability to access important data on the phones of criminals and terrorists. However, these kinds of hacking tech need to be regulated. There has to be a set of rules that dictate how such tech gets to be disseminated, and to whom. The problem with Grayshift, at least for me, is that it could very well be selling this tech to private companies. This drastically affects how the world handles privacy and security online.