A recently exposed forensic tool called "GrayKey" -- sold as being able to hack into iOS 11 devices like the iPhone 8 and iPhone X -- is being used by at least one regional police force in the U.S.
In a purchase order dated Feb. 21, the Indiana State Police bought one GrayKey unit costing $500, and a $14,500 annual license covering 300 unlocks, Motherboard reported on Friday. Developer Grayshift sells two versions of GrayKey -- an online-only, limited-use license costing $15,000, and a $30,000 offline version without restrictions. The Indiana State Police received a $500 discount for their first year.
Emails obtained by Motherboard suggest the agency was extremely eager to sign up.
"This is a RUSH request because item is needed ASAP for evidence gathering for current cases. Please review and forward for approval," one official wrote to a peer on Feb. 20.
In another document, the agency indicated that GrayKey will be used in everything from "high profile murder cases to crimes against children cases where suspects are hiding their content from law enforcement," admitting that even with warrants, there are some devices it has been unable to hack.
The main advantage of GrayKey over options like those from Cellebrite is its price. While $15,000 may sound expensive, the Indiana State Police said Cellebrite submitted a quote valued over $200,000. The FBI infamously paid about $1 million to break into the iPhone 5c of San Bernardino shooter Syed Rizwan Farook.
That could mean that until Apple is able to fix exploits used by Grayshift, iPhone unlocks by law enforcement allowed by a warrant will become increasingly commonplace. Apple prides itself on the impregnability of on-device iPhone encryption, though it regularly hands over iCloud data when served with legal orders.