Hide UI and GrayKey: This iPhone spyware lets police hack passcodes when cracking doesn’t work
The news of the U.S. Federal Bureau of Investigation (FBI) unlocking the Pensacola shooter’s iPhone without Apple’s help has been making headlines. The FBI managed to hack into the Pensacola shooter’s iPhone and found he had been in contact with Al-Qaeda since 2015. The hacking reignited the debate over the FBI’s right to unlock iPhones belonging to terrorists and criminals without Apple’s help.
However, the FBI did not reveal how it unlocked the iPhone belonging to the Pensacola shooter. Most evidence points to a new iPhone spyware that helps law enforcement agencies obtain the passcode instead of hacking or decrypting the iPhone data. The new spyware, called Hide UI, doesn’t have to crack the code that people use to unlock their phones. It just has to log the code as the user types it in.
What is Hide UI?
Hide UI is an iPhone spyware created by Grayshift, a company that makes iPhone-cracking devices for various law enforcement agencies. Hide UI can track a suspect’s passcode when it’s entered into a phone. The log is then passed on to the agencies who have purchased the spyware from Grayshift.
More details about Hide UI are not known because of the Non-Disclosure Agreement that the authorities signed with Grayshift. However, an unnamed source from a law enforcement agency confirmed the existence of Hide UI and that it is part of the GrayKey product marketed by Grayshift.
What is GrayKey?
The GrayKey device, first reported by Forbes in 2018, retails for $15,000 a pop. The malware was analyzed by Malwarebytes. GrayKey is basically a small gadget with two iPhone Lightning cables sticking out of it. The Lightning cables allow any law enforcement agency to plug in an iPhone and install malware on the device. The malware allows the agencies to crack a four-digit iPhone PIN in four hours. Six-digit PIN codes can take up to a day, according to calculations by cryptographer Matthew Green, an Associate Professor of Computer Science at the Johns Hopkins Information Security Institute. For eight- and 10-digit passcodes it can take weeks or years.
Hide UI is a spyware tool that is part of the GrayKey software. Hide UI is an app that sits on your iPhone or Android without your consent and tracks your usage. Hide UI has been marketed by Grayshift since 2018 and has been made available to law enforcement agencies for a year. However, the clients of GrayKey or Hide UI are not known.
Because of the NDA and the secrecy, not much more is known about GrayKey or Hide UI. This makes public scrutiny of the methods used by the FBI and other law enforcement agencies difficult. Defense attorneys, forensic experts, and civil liberties advocates are concerned that Hide UI could be used without giving owners the due process of law, such as a warrant.
This is messed up. Public oversight of policing is a fundamental value of democracy. With these kinds of novel tools we see a real desire for secrecy on the part of the government.
Jennifer Granick, an attorney from the ACLU.
This news assumes significance in light of the FBI cracking the Pensacola shooter’s iPhone. Was Hide UI used by the FBI to find out the shooter’s passcode? In the absence of help from Apple, law enforcement officials rely on companies like Grayshift, NSO Group, and Cellebrite to find vulnerabilities in Apple’s software and hardware and build tools that can bypass the iPhone’s security features. This could be one such instance, where the FBI succeeded in using such a crack to hack the Pensacola shooter’s iPhone.
Grayshift, an Atlanta-based company and the maker of GrayKey and Hide UI, declined to comment on the existence of Hide UI but stressed that it works to make sure its technology is used lawfully.
Grayshift develops technology that allows law enforcement agencies to gain access to critical digital evidence during the course of criminal investigations. We take every precaution to ensure that access to our technology is limited, and our customer agreements require that it be used lawfully. Our customers are law enforcement professionals of the highest caliber who use our tool only with appropriate legal authority.
David Miles, CEO of Grayshift.
It remains to be seen whether Hide UI was used by the FBI in cracking the Pensacola shooter’s iPhone. We will keep you updated with the latest news on the hacking.