Site icon TechieMag

This Spyware Can Secretly Steal Your iPhone Passcode: Report – TechiMag.net

iPhone Passcode
iPhone Passcode

Grayshift, an Atlanta-based mobile device forensics company, is advertising a software tool that doesn’t need to crack the passcode to unlock locked iPhones, according to a new report from NBC News.

For those unaware, Grayshift is the company behind the iPhone unlocking device called “GrayKey” used by law enforcement agencies around the world to break passwords on iPhones involved in criminal investigations. The process of getting passcode could take several hours to some days to complete depending on the size of the password. 

Now, Grayshift is developing an advanced spyware software called “Hide UI” that can track a suspect’s passcode as soon as it is entered into the iPhone, reports NBC citing two anonymous people in law enforcement so as to not violate non-disclosure agreements signed by them. 

According to NBC, although the Hide UI software has been around for about a year, its existence has been kept under wraps due to non-disclosure agreements signed by law enforcement officials. While Grayshift doesn’t publicly refer to Hide UI as a feature, it does refer to some “advanced features” in its GrayKey marketing materials. 

The feature — and others designed for intelligence gathering — are only explained to potential customers if they sign a non-disclosure agreement, said the law enforcement officials.

For Hide UI to work, the law enforcement agencies need to install the software on the suspect’s locked iPhone via the GrayKey. It then requires the authorities to cleverly put the device back into the hands of the suspect, and ask them to enter their passcode. For instance, a law enforcement official could tell the suspect to call their lawyer or delete some phone contacts. 

Once the suspect unlocks the smartphone with the passcode and returns it, Hide UI will have the user’s passcode stored in a file that can be extracted by the GrayKey device.

“It’s great technology for our cases, but as a citizen I don’t really like how it’s being used. I feel like sometimes officers will engage in borderline and unethical behavior,” one law enforcement official said.

The second law enforcement official said that the software was “buggy” and that it was often easier to get the suspect hand over the passcode of their iPhone during interrogation instead of using Hide UI.

A leaked screenshot of Hide UI installed on an iPhone X and shared with NBC News reveals that besides retrieving passcode, the feature also disables Airplane Mode and prevents the iPhone from being wiped off. 

Several defense attorneys, forensic experts, and civil liberties advocates have raised questions and concerns about using the software. They fear that it could be used by law enforcement agencies without a search warrant violating the due process of law.

“This is messed up. Public oversight of policing is a fundamental value of democracy,” said Jennifer Granick, an attorney from the ACLU (American Civil Liberties Union). “With these kinds of novel tools we see a real desire for secrecy on the part of the government.”

However, law enforcement officials who spoke with NBC maintained that they would only plug a phone into the GrayKey device if they had a search warrant. It is not known not if the Hide UI feature has been used without a warrant.

Some civil liberties groups including the ACLU also fear that prosecutors could be dropping cases to avoid disclosing more details about Hide UI spyware, which would eventually lead to not prosecuting guilty suspects.