ICE Expands Use of GrayKey Phone-Hacking Tech

ICE ramps up phone-forensics spending

U.S. Immigration and Customs Enforcement’s law enforcement arm, Homeland Security Investigations (HSI), has contracted with Magnet Forensics for roughly $3 million worth of phone forensics software licenses. Although the contract does not name a product, the description and Magnet’s recent merger activities point to GrayKey — the smartphone unlocking system originally developed by Grayshift.

The federal procurement entry frames the purchase as enabling HSI “to recover digital evidence, process multiple devices, & generate forensic reports essential to mission of protecting national security & public.” This agreement is part of a flurry of recent Magnet Forensics contracts recorded for ICE and HSI.

Other recorded purchases include:

• A $145,000 subscription to Magnet Griffeye Enterprise for data collection and analysis.
• GrayKey Premier software renewal licenses worth $90,000 for iOS and Android extractions in Detroit.
• A $57,000 purchase for GrayKey licenses to support multi-device evidence recovery.
• A $12,000 purchase for unspecified Magnet Forensics software for HSI in Charlotte.

Magnet Forensics acquired Grayshift after a 2023 buyout by private equity firm Thoma Bravo, consolidating GrayKey under Magnet’s portfolio. This follows a previously reported $5 million GrayKey contract ICE signed last year. Magnet Forensics did not respond to requests for comment, and DHS had not publicly responded at the time of reporting.

Why this matters: GrayKey-like systems let investigators bypass smartphone locks and extract extensive on-device data. In ICE’s broader tech stack, they sit alongside facial recognition providers, cell-site and spyware tools, and large-scale analytics platforms. Together these capabilities dramatically increase the reach of digital investigations — but they also increase privacy, oversight, and policy risks.

Consider the trade-offs: faster evidence recovery can accelerate casework and enhance national-security investigations. But when an agency buys tools with broad data extraction power, who audits access logs? How long is extracted data retained, and what safeguards prevent mission creep?

For technology and policy leaders, these procurements are a prompt to reassess governance around digital forensics. Practical steps include procurement reviews that evaluate privacy impact, mandatory usage logging, role-based access controls for extracted data, and transparent reporting to oversight bodies. These measures help balance investigative utility with civil liberties.

QuarkyByte’s approach is to translate this kind of signal into actionable risk reduction: we map tool chains, test control effectiveness, and design governance playbooks that operational leaders can adopt. Whether you’re a government compliance team or a private sector partner, thinking through the lifecycle of extracted data is now essential.

As agencies continue to modernize investigative toolkits, expect more procurement entries like this one — and more pressure for clear policies about use, oversight, and transparency. The technology makes powerful investigations possible; governance makes them accountable.