‘Hide UI’ – New Grayshift Feature Plants Hidden Passcode Monitoring Software on iPhones

Olivia Solon, reporting for NBC News:

Software called Hide UI, created by Grayshift, a company that makes iPhone-cracking devices for law enforcement, can track a suspect’s passcode when it’s entered into a phone, according to two people in law enforcement, who asked not to be named out of fear of violating non-disclosure agreements. […]

The GrayKey device, first revealed by Forbes and detailed by security blog Malwarebytes, is a small box with two iPhone lightning cables sticking out of it that was launched in March 2018. Law enforcement officials can plug any recent model of iPhone into the cables to install an “agent” (a piece of software) on the device. The agent then attempts to crack the passcode, offering an estimate for how much time it might take.

In order for this feature to work, law enforcement officials must install the covert software and then set up a scenario to put a seized device back into the hands of the suspect, said the people familiar with the system. […] For example, a law enforcement official could tell the suspect they can call their lawyer or take some phone numbers off the device. Once the suspect has done this, even if they lock their phone again, Hide UI will have stored the passcode in a text file that can be extracted the next time the phone is plugged into the GrayKey device. Law enforcement can then use the passcode to unlock the phone and extract all the data stored on it.

Anyone who trusts their device after they know it’s been in the hands of law enforcement is a fool. You’d have to be pretty stupid to fall for this, but there are a lot of stupid people out there.

Grayshift, you will recall, was cofounded by Braden Thomas, who spent six years at Apple as a security engineer, and who is, to say the least, not popular with his former colleagues. “What a fucking piece of shit,” one former Apple engineer told me of Thomas back in January.

Wednesday, 20 May 2020