Law enforcement using covert software to trick suspects into handing over passcodes
What you need to know
- Law enforcement agencies can use a tool called GrayKey to crack iPhone passcodes.
- But if that doesn't work, they have a sneaky alternative.
- A report suggests that some agencies can install software that tracks the password entered into a phone without the suspect's knowledge.
A report suggests that some law enforcement agencies are using software called 'Hide UI' to trick suspects into giving up their iPhone passcodes.
The report has come to light in the wake of further comments made by the FBI about Apple's "unwillingness" to help crack open two phones belonging to the Pensacola naval base shooter. As reported by NBC News:
Grayshift's GrayKey is not a revelation, and its ability to crack iPhone passcodes has been touted by some privacy experts as one of the reasons that law enforcement agencies do not need Apple to create a backdoor to iOS. This recent report, however, was meant to highlight the more subtle, and sinister, 'Plan B' that agencies sometimes use.
It's called 'Hide UI', a piece of covert software installed on a suspect's phone without their knowledge. Hide UI can log the passcode you type into your phone, all the agency has to do is give the phone back to a suspect and then have them enter there passcode unwittingly:
One official cited said that 'Hide UI' was "great technology for our cases", before stating "but as a citizen, I don't really like how it's being used. I feel like sometimes officers will engage in borderline and unethical behavior"... yeah, no kidding. Another source said that Hide UI was actually quite buggy and that logistically it was often easier to get a suspect to hand over their passcode during interrogation.
One important distinction between GrayKey and the Hide UI trick is that the former requires a warrant. It seems there is concern the latter might be being used "without a warrant by law enforcement officers looking for shortcuts."
Hide UI, which is also made by Grayshift, has reportedly been hidden by NDA agreements that law enforcement agencies have signed. According to the report "hundreds of state and local law enforcement agencies across the U.S." have access to GrayKey devices. They state it is unclear how often Hide UI might be being used by these agencies.
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design. Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9