Law enforcement using covert software to trick suspects into handing over passcodes

iPhone X passcode screen
iPhone X passcode screen (Image credit: iMore)

What you need to know

  • Law enforcement agencies can use a tool called GrayKey to crack iPhone passcodes.
  • But if that doesn't work, they have a sneaky alternative.
  • A report suggests that some agencies can install software that tracks the password entered into a phone without the suspect's knowledge.

A report suggests that some law enforcement agencies are using software called 'Hide UI' to trick suspects into giving up their iPhone passcodes.

The report has come to light in the wake of further comments made by the FBI about Apple's "unwillingness" to help crack open two phones belonging to the Pensacola naval base shooter. As reported by NBC News:

The GrayKey device, first revealed by Forbes and detailed by security blog Malwarebytes, is a small box with two iPhone lightning cables sticking out of it that was launched in March 2018. Law enforcement officials can plug any recent model of iPhone into the cables to install an "agent" (a piece of software) on the device. The agent then attempts to crack the passcode, offering an estimate for how much time it might take.

Grayshift's GrayKey is not a revelation, and its ability to crack iPhone passcodes has been touted by some privacy experts as one of the reasons that law enforcement agencies do not need Apple to create a backdoor to iOS. This recent report, however, was meant to highlight the more subtle, and sinister, 'Plan B' that agencies sometimes use.

It's called 'Hide UI', a piece of covert software installed on a suspect's phone without their knowledge. Hide UI can log the passcode you type into your phone, all the agency has to do is give the phone back to a suspect and then have them enter there passcode unwittingly:

For example, a law enforcement official could tell the suspect they can call their lawyer or take some phone numbers off the device. Once the suspect has done this, even if they lock their phone again, Hide UI will have stored the passcode in a text file that can be extracted the next time the phone is plugged into the GrayKey device. Law enforcement can then use the passcode to unlock the phone and extract all the data stored on it.

One official cited said that 'Hide UI' was "great technology for our cases", before stating "but as a citizen, I don't really like how it's being used. I feel like sometimes officers will engage in borderline and unethical behavior"... yeah, no kidding. Another source said that Hide UI was actually quite buggy and that logistically it was often easier to get a suspect to hand over their passcode during interrogation.

One important distinction between GrayKey and the Hide UI trick is that the former requires a warrant. It seems there is concern the latter might be being used "without a warrant by law enforcement officers looking for shortcuts."

Hide UI, which is also made by Grayshift, has reportedly been hidden by NDA agreements that law enforcement agencies have signed. According to the report "hundreds of state and local law enforcement agencies across the U.S." have access to GrayKey devices. They state it is unclear how often Hide UI might be being used by these agencies.

You can read the full report here.

Stephen Warwick
News Editor

Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design.

Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9