police cars

American Police Use Spyware to Log iPhone Passcodes

Last edited: May 20, 2020
Reading time: 3 minutes, 54 seconds

The American police forces have a sly way to log a suspect’s iPhone passcode. They use software that can log someone’s passcode whenever it is entered into the phone. This software is called Hide UI, and makes it very easy for police forces to unlock a phone and collect evidence on it.

This was reported by NBC News, who have received this information from two sources who want to remain anonymous. They fear that they are violating non-disclosure agreements.

Back and Forth

One of Apple’s main priorities is security. They sell about 200 million iPhones to private individuals, companies, politicians, and other well-known people. They all assume that Apple safeguards their private information. The tech company invests millions of dollars every year to make sure that it is next to impossible for cyber criminals, hackers, and others with ill intent to crack an iPhone.

Sometimes, the fact that Apple regards their security this highly leads to issues. In 2016, the FBI asked Apple to unlock the iPhone 5c owned by Syed Rizwan Farook. Farook and his wife caused a bloodbath in December 2015 in the San Bernardino Department of Public Health when they shot fourteen people. Apple refused to unlock the phone, stating that they didn’t want to set “a dangerous precedent”. They also don’t want to invade their customers’ privacy and unlock the phones for the security services. The FBI decided to sue Apple because of this. They eventually didn’t go to court because an Israeli company helped them to unlock the phone.

A similar incident happened in 2017, when Devin Kelly opened fire on churchgoers in Texas. The FBI waited 48 hours to ask Apple for help in unlocking the shooter’s phone. The security services failed to unlock 7,775 iPhones in 2017. This shows that there has been a back and forth between Apple and the security services for many years.

Hide UI

Whenever the American police wants to get into a suspect’s phone, they will try to unlock it themselves. How? They will try to use passwords that are often used, to see if they might work. Apple has taken many measures over the years to try and stop this. Security experts think that certain technology companies sell tools to the police that can crack a phone. But these tools have difficulty to crack security codes of six or more characters.

Two unnamed sources have told NBC News that the police now uses new software to crack iPhones. This software is called Hide UI and was developed by Grayshift. The company sells products to security services that will help them to unlock iPhones. The sources say that this means that the police no longer needs the passwords to access to phones. The software tracks the passcode when it’s entered into a phone.

Non-disclosure Agreement

Hide UI is a type of spyware, which is software that secretly collects information on a user. This can then be used, for instance, to create a profile on a person or sell personal information to third parties. The use of spyware is often connected to cybercriminals who use it to monitor their victims. But NBC’s sources now say that the police use it quite often as well. They say that the police will install the spyware on a suspect’s smartphone and will then ask them to use it to make a call. The police get what they need as soon as they type in their password.

Hide UI was developed a year ago, but was always hidden from the public. Up until now we didn’t know that the software was used, because anyone doing business with Grayshift was asked to sign a non-disclosure agreement (NDA).

Worries

Lawyers, forensic experts, and privacy advocates are worried now that the use of the software has come to light. They are concerned about the fact that the police uses Hide UI without notifying the suspect beforehand and without the police getting a court order first. “This is messed up. Public oversight of policing is a fundamental value of democracy,” said Jennifer Granick, an attorney from the American Civil Liberties Union (ACLU).

Grayshift declined to comment on the existence of Hide UI. The company’s CEO did say that “Grayshift develops technology that allows law enforcement agencies to gain access to critical digital evidence during the course of criminal investigations,” and that they “take every precaution to ensure that access to our technology is limited, and our customer agreements require that it be used lawfully. Our customers are law enforcement professionals of the highest caliber who use our tool only with appropriate legal authority”.

Apple did not comment on NBC’s report.

Cybersecurity analyst
David is a cyber security analyst and one of the founders of VPNoverview.com. Interested in the "digital identity" phenomenon, with special attention to the right to privacy and protection of personal data.

More articles from the ‘News’ section

Comments
Leave a comment
Leave a comment