A secret iPhone hacking device, used by local law enforcement agencies, is being paid for with your tax dollars.
It’s call GrayKey, a device that unlocks newer model iPhones and downloads the data. The technology is shrouded in secrecy and Apple Inc. has made shutting the device down a priority.
Action News Jax Reporter Paige Kelton dug through a 400 page Georgia Bureau of Investigation report into the night suspended Glynn County Police Lt. Cory Sasser killed his estranged wife Katie Sasser, her friend John Hall Jr. and then committed suicide.
In the report, she found an obscure reference to something we now know is GrayKey technology.
Agents, unable to unlock Sasser’s iPhone X after his death, reached out to a GBI forensics investigator who admitted the agency had “recently acquired equipment that might unlock the iPhone.”
The agency then obtained this search warrant, granting agents access to the data.
"There's no such thing as a back door that only one person can use,” says Thomas Reed of anti-malware software company Malwarebytes.
Reed published the only picture we have of the GrayKey device, adding he was tipped off by a member of law enforcement who was uncomfortable with what the key could do.
"He felt like the public had a right to know about that, that it shouldn't be a secret,” Reed said.
According to Reed, GrayKey was developed by a former Apple Inc. engineer and is only offered for sale to law enforcement.
Action News Jax Investigates: Bullet-resistant seat cushions
Action News Jax Investigates: Virtual assistants exposing you to danger
Apple itself has repeatedly refused to help federal and local agencies hack into the iPhones of criminal suspects, citing privacy concerns.
GrayKey is made by Grayshift LLC. According to Georgia state business records, the company began operating in April 2018 and is based in an Atlanta suburb.
But we found the address listed is a mailbox at a UPS store.
The Grayshift website can only be accessed by subscribers, and our requests for information and an interview went unanswered.
We reached out to the Florida Department of Law Enforcement, and our three largest local sheriff’s departments to learn which agencies have a GrayKey device.
Neither FDLE nor the Jacksonville Sheriff’s Office would confirm they use the iPhone hacking technology.
But a public records request revealed this City of Jacksonville purchase order dated May 24, for $15,000 paid to Graftshift LLC for one GrayKey unit.
The shipping address is the Jacksonville Sheriff’s Office.
A Clay County Sheriff’s Office spokesman told Action News Jax the agency did not use the device.
The St. John’s County Sheriff’s Office was the only local agency to confirm its use of GrayKey, calling it an important investigative tool that is only used with a search warrant.
A search of public records found police agencies across the country spending tens of thousands of dollars on GrayKey hacking technology.
Action News Jax Investigates: Gadgets that promise to help you sleep
Action News Jax also found in recent months upwards of a dozen federal agencies, such as the IRS, Secret Service, Coast Guard and Immigration and Customs Enforcement have awarded Grayshift LLC, more than $1 million in government contracts.
While the Fourth Amendment of the Constitution protects you from unreasonable searches and seizures, Action News Jax Law and Safety Expert and Former FBI agent Dale Carson fears technology is outpacing oversight.
"Unless there's a physical law that says you can't do it and if you do this is the penalty, then they're likely to continue to do it,” Carson said.
Tech experts share those concerns, and fear the government's expanded use of phone hacking technology could backfire, with devices like GrayKey, potentially unlocking a new threat to privacy.
"If one person can access a backdoor, lots of other people are going to figure it out and pick that lock'" Reed said.
TODAY on CBS47 at 5:45 | We expose the powerful technology Jacksonville-area police agencies are using to legally access an iPhone, without the owner's permission: A device shrouded in secrecy, paid for using taxpayer dollars | https://t.co/3RNwhHUsv9 pic.twitter.com/D1TcYO6CFF— Paige Kelton (@PaigeANjax) November 1, 2018
Recently, Apple Inc. rolled out its new IOS update, which contains a patch called "USB restricted mode.”
It requires a passcode when the iPhone is plugged into a computer.
Sources say the update, which enables the restricted mode automatically, appears to have rendered GrayKey useless in iPhone X models. But sources say older model iPhones are still vulnerable, and the data is at least partially or fully transferable.
Action News Jax reached out to Apple Inc. for comment about GrayKey technology and its new update.
We’re still waiting for a response.
© 2018 Cox Media Group.