Thursday, May 21, 2020

Hide UI

Olivia Solon (via John Gruber):

Software called Hide UI, created by Grayshift, a company that makes iPhone-cracking devices for law enforcement, can track a suspect’s passcode when it’s entered into a phone, according to two people in law enforcement, who asked not to be named out of fear of violating non-disclosure agreements.


In order for this feature to work, law enforcement officials must install the covert software and then set up a scenario to put a seized device back into the hands of the suspect[…] For example, a law enforcement official could tell the suspect they can call their lawyer or take some phone numbers off the device. Once the suspect has done this, even if they lock their phone again, Hide UI will have stored the passcode in a text file that can be extracted the next time the phone is plugged into the GrayKey device.

See also: USB Restricted Mode in iOS 13: Apple vs. GrayKey, Round Two.


1 Comment RSS · Twitter

The dialog box shown implies "Hide UI" is a just mode of the GrayKey agent, which is presumably the actual malware.

"The screen shot showed a message on the screen of the iPhone stating that Hide UI also disables airplane mode and prevents anyone from wiping the device. This was corroborated by one of the law enforcement sources."

If someone is handed their phone in the scenario described, and they try to enable/disable airplane mode, what feedback will control center show? Would it give away the device's inability to enter airplane mode?

Leave a Comment