iPhone charging portSource: Joseph Keller/iMore

What you need to know

  • A new Forbes report says a European Union agency trained police worldwide to hack iPhones.
  • The report claims CEPOL told officers "across the globe" how to use tools like GrayKey to access iPhones.
  • Training also reportedly included using fake Facebook accounts and scraping tools on Twitter for social media surveillance.

A new report from Forbes claims the EU law enforcement training agency CEPOL trained police officers around the world to use hacking tools like GrayKey to access iPhones.

The report, From cybersecurity expert Thomas Brewster, states:

Police across the world are getting special training from a little-known European Union agency on how best to snoop on Facebook and Apple iPhones, according to documents obtained by nonprofit Privacy International.

The files reveal that CEPOL, the EU's law enforcement training agency, instructed officers across the globe, from within Europe and in Africa, on how to use malware and other tools to gain access to citizens' phones and monitor social networks. In some cases, the training was funded by EU aid coffers and went to countries with histories of human rights abuses, Privacy International warned.

According to the report, slides and training documents uncovered reveal that CEPOL promoted the use of iPhone hacking tool GrayKey:

Amongst the hundreds of training slides obtained by Privacy International are those promoting iPhone hacking tools like GrayKey. Produced by Atlanta-based Grayshift, the files show that the tool, which promises to bypass lockscreens of many modern iPhones, has now gone global and is being pushed in Africa and beyond by CEPOL.

The report says that a training session in Morocco contained information telling participants to use GrayKey alongside Axiom, a Canadian-made tool that "can grab the Apple keychain from within the iPhone, granting it access to apps and the data within." The report continues:

As for another way to break the security of iPhones or other smartphones, Spain's Policia Nacional, a CEPOL partner, trained authorities in Bosnia and Herzegovina on using malware, malicious software that can remotely control an infected device. One slide simply reads: "The future is to use malware."

The report further claims that CEPOL and EU police "are encouraging foreign governments to spy on social networks", using fake Facebook accounts and scraping tools to gather up tweets. As noted by Brewster on Twitter, such tactics would violate both Twitter and Facebook's terms.

As the report notes, this revelation comes just days after the EU announced its plan for "EU-wide transparency on the export of cyber surveillance."

You can read the full report here.