Government contractor attempts to buy iPhone hacking tool

A authorities contractor reportedly tried to buy Graykey instruments from journalists.

In a very uncommon scenario, a contractor for the USA authorities reportedly tried to buy digital forensics expertise from a bunch of journalists.

The contractor in query, FSR Consulting LLC, which does enterprise as Cirrus Programs, despatched out an e mail inquiring about pricing for Magnet Forensics’ Graykey, a software primarily used by legislation enforcement companies and digital forensics consultants. With the software, it is attainable to bypass the encryption and safety measures of each Android and iOS gadgets.

Legislation enforcement officers typically use Graykey throughout legal investigations, the place there’s a have to entry non-public data comparable to messages, pictures, app knowledge, and metadata. The software program itself shouldn’t be obtainable to most of the people or the non-public sector, as per the Magnet Forensics website.

Whereas it is smart {that a} authorities contractor, one which reportedly works with companies such because the US Air Power and Navy, would want entry to software program like Graykey, it is past uncommon for such an entity to attempt to buy it from journalists. Cirrus Programs allegedly sent such an e mail to 404Media, addressed to the “Gross sales Crew.”

The message, in some elements, suits the mould of a stereotypical spam e mail, even containing some uncommon phrasing. “I’d be grateful in the event you present us with the very best/ lowest worth quote for the next gadgets for Federal’s demand,” the e-mail reads.

The federal government contractor was reportedly in search of a complete of 4 Graykey licenses and included an in depth listing of required capabilities for the software. Amongst different issues, Cirrus Programs needed the software to have “full forensic acquisition functionality for the most recent generations of iOS as carried out on the most recent iPhone (iPhone 16 at the moment) mobile telephones.”

Based on the alleged e mail, the top person of the software program was meant to be Washington Headquarters Companies, an company that gives a number of companies for the Division of Protection. The WHS provides, amongst different issues, human assets, personnel safety, useful resource administration, and analysis companies to the Workplace of the Secretary of Protection.

Graykey is utilized by varied legislation enforcement companies.

Cirrus Programs works with a number of different authorities companies, as could be seen on the contractor’s website. The listing contains the Division of Justice, Division of Commerce, USDA, in addition to a number of state-level companies.

Regardless of the absurdity of the scenario, a authorities contractor making an attempt to purchase high-level forensics software program from journalists, there is perhaps a motive for it. The identical publication that was contacted published details on Graykey and its capabilities again in November 2024.

It is attainable that somebody representing or posing as Cirrus Programs tried to succeed in out, believing that journalists from the publication had entry to Graykey. Logically, a authorities contractor might simply ship a purchase-related inquiry to Magnet Forensics, the corporate behind Graykey, as the corporate particularly offers with government-affiliated entities and never the non-public sector.

Graykey was developed by the secretive firm Grayshift, and is now owned by Magnet Forensics — a Canadian firm, primarily based in Ontario, that sells its companies to authorities companies in the USA and elsewhere around the globe. Graykey, together with different digital forensics instruments comparable to Cellebrite, are a part of a continuing cat and mouse game with Apple.

Apple’s aim is against these of digital forensics corporations coping with legislation enforcement. Whereas Apple desires to forestall unauthorized people and teams from getting access to iPhone customers’ non-public knowledge, cyber forensics instruments comparable to Graykey are particularly created to interrupt these safety measures.

Through the years, companies such because the FBI have requested that so-called backdoors be carried out in Apple merchandise, one thing which might give them unprecedented entry to person knowledge. UK companies made a similar request in February 2025.

Apple clearly denies such requests, and continues to problem security updates with the intent of defending person knowledge and privateness. The most recent iOS 18.3.1 replace, as an illustration, fixed a vulnerability that was actively being exploited.