Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.

This is part of an ongoing Motherboard series on the proliferation of phone cracking technology, the people behind it, and who is buying it. Follow along here .

“I attended your demo presentation recently held at the Montgomery County Police Headquarters and was pleased by your product’s potential,” an Assistant Commander from the Technical Investigations Section at the Maryland State Police wrote in an email to Grayshift in March.

Grayshift has been shopping its iPhone cracking technology to police forces. The firm, which includes an ex-Apple security engineer on its staff , provided demonstrations to potential customers, according to one email .

“It demonstrates that even state and local police do have access to this data in many situations,” Matthew Green, an assistant professor and cryptographer at the Johns Hopkins Information Security Institute, told Motherboard in a Twitter message. “This seems to contradict what the FBI is saying about their inability to access these phones.”

The news highlights the going dark debate, in which law enforcement officials say they cannot access evidence against criminals. But easy access to iPhone hacking tools also hamstrings the FBI’s argument for introducing backdoors into consumer devices so authorities can more readily access their contents.

And police forces are ready to use GrayKey. David R. Bursten, chief public information officer from the Indiana State Police, wrote in an email to Motherboard that the force had only recently obtained the GrayKey device, but that “this investigative tool will be used, when legally authorized to do so, in any investigation where it may help advance an investigation to identify criminal actors with the goal of making arrests and presenting prosecutable cases to the proper prosecuting authority.”

The issue GrayKey overcomes is that iPhones encrypt user data by default. Those in physical possession normally cannot access the phone’s data, such as contact list, saved messages, or photos, without first unlocking the phone with a passcode or fingerprint. Malwarebytes’ post says GrayKey can unlock an iPhone in around two hours, or three days or longer for 6 digit passcodes.

Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on jfcox@jabber.ccc.de , or email joseph.cox@vice.com .

The GrayKey itself is a small, 4x4 inches box with two lightning cables for connecting iPhones, according to photographs published by cybersecurity firm Malwarebytes . The device comes in two versions: a $15,000 one which requires online connectivity and allows 300 unlocks (or $50 per phone), and and an offline, $30,000 version which can crack as many iPhones as the customer wants. Marketing material seen by Forbes says GrayKey can unlock devices running iterations of Apple’s latest mobile operating system iOS 11, including on the iPhone X, Apple’s most recent phone.

Multiple employees of Grayshift did not respond to requests for comment. In response to a Freedom of Information Act request, the FBI refused to say whether it had purchased GrayKey.

Greg Shipley, Maryland State Police spokesperson, told Motherboard “the connection of electronic devices to a wide range of crimes continues to increase, so the need to obtain investigative information from these devices during a criminal investigation continues to grow.” Last week Maryland State Police told Motherboard that the force is in the early stage of procuring GrayKey; one of the documents obtained includes a price quote from GrayKey dated March 22.

But the FBI is looking to buy the tech, according to a March 8 procurement record. An attached Request for Quotation document says the FBI wants 6 of the offline GrayKey units.

"Only the GreyShift/GreyKey solution can meet the FBI’s technical requirements," another document reads. It adds that GrayKey can "provide a more economical solution for iOS mobile device processing," and that the device "fills a critical need."

KICKING DOWN THE BACKDOOR

In 2016, the Department of Justice infamously tried to compel Apple to create a new operating system that would allow investigators to break into the iPhone 5C of one of the San Bernardino terrorists. The tweak, it was proposed, would allow the FBI to quickly churn through potential passcodes to open the device without triggering the device’s delay feature or wiping its contents. (After several incorrect passcode guesses, iPhones disable any further attempts for an increasing amount of time; some iPhones may delete a user’s data after too many failed guesses.) The Justice Department tried a similar legal approach in other cases involving iPhones.

Cryptographers and technologists generally refer to this addition as a backdoor; that is, a new way to circumvent the protections on a device. But the existence, purchase, and price of GrayKey puts serious doubt on whether law enforcement require any sort of iPhone backdoor.