Apple faces a near-constant challenge: keeping its iPhones secure.
The company has spent years and untold millions of dollars squaring off against a small but talented industry that works to figure out ways to help law enforcement break into iPhones. Currently, security experts believe that tools sold to police struggle to crack iPhone passcodes longer than six digits.
But another tool, previously unknown to the public, doesn’t have to crack the code that people use to unlock their phones. It just has to log the code as the user types it in.
Software called Hide UI, created by Grayshift, a company that makes iPhone-cracking devices for law enforcement, can track a suspect’s passcode when it’s entered into a phone, according to two people in law enforcement, who asked not to be named out of fear of violating non-disclosure agreements.
The spyware, a term for software that surreptitiously tracks users, has been available for about a year but this is the first time details of its existence have been reported, in part because of the non-disclosure agreements police departments sign when they buy a device from Grayshift known as GrayKey.
Those NDAs have helped keep Hide UI a secret. Because of the lack of public scrutiny of the feature as well as its covert behavior, defense attorneys, forensic experts and civil liberties advocates are concerned that Hide UI could be used without giving owners the due process of law, such as a warrant.
“This is messed up. Public oversight of policing is a fundamental value of democracy,” said Jennifer Granick, an attorney from the ACLU. “With these kinds of novel tools we see a real desire for secrecy on the part of the government.”
In the absence of help from Apple, law enforcement officials have relied on companies like Grayshift and Cellebrite to find vulnerabilities in Apple’s software and hardware and build tools that can bypass the iPhone’s security features.
Grayshift, an Atlanta-based company run by security engineers, declined to comment on the existence of Hide UI but stressed that it works to make sure its technology is used lawfully.
“Grayshift develops technology that allows law enforcement agencies to gain access to critical digital evidence during the course of criminal investigations,” said David Miles, CEO of Grayshift. “We take every precaution to ensure that access to our technology is limited, and our customer agreements require that it be used lawfully. Our customers are law enforcement professionals of the highest caliber who use our tool only with appropriate legal authority.”
Apple declined to comment.
The software
The GrayKey device…