We’ve talked several times about unlocking tools for Grayshift or, more specifically, the GrayKey, the black box you can connect to iPhones and (in most cases) have them unlocked in a matter of minutes or hours to access their content.
However, there are cases when neither GrayKey is able to crack the password of an iOS device. And guess what: Grayshift has a tool for these cases, also as recently discovered by NBC News.
The software in question is called Hide UI and “hides” on the iPhone that needs to be unlocked, like malware. Once installed on the device, simply return it to its owner: the next time the user enters the password, the software will capture this code and provide it to the person or group trying to break into the device.
The information was confirmed by the report by two people who work in legal agencies in the United States. They stated that Hide UI has been around for over a year and is offered to all groups and corporations that acquire GrayKey units; its existence, however, was unknown to the public at the time because of the confidentiality contracts signed during the negotiations.
Obviously, the existence of such a tool caused a stir in the technological community not unlike the other unlocking solutions of Grayshift or Cellebrite, incidentally. The lawyer for the American League for Civil Liberties (ACLU), Jennifer Granick, classified the existence of Hide UI as a clear violation of citizens' privacy rights:
That disturbing. Public oversight of policing is a fundamental value of democracy. With these unlocking tools, we see a real desire for secrecy on the part of the government.
David Miles, CEO of Grayshift, also spoke, stating as usual that the company makes sure to deal only with legal agencies and other groups on the “right” side of the story (whatever that means):
GrayShift develops technologies that allow law enforcement agencies to gain access to critical digital evidence during the criminal investigation process. We take every precaution to ensure that access to our technology is limited, and our usage contracts require that it be used only legally. Our clients are professionals of the highest caliber legal area, who use our tools only with the appropriate legal authorities.
Apple, for its part, did not comment on the case even though it issued a statement talking about the same topic just yesterday, when it responded to statements from the FBI (false, according to Ma) about the iPhone's unlocking process. Pensacola terrorist (Florida).
Obviously, tools like Hide UI must exist in droves under the hood, this is the first time that the existence of something like this has come to light. Even so, the report is still a strong reminder that, in all cases, there is no absolute protection of data when the other side wants to obtain it and is willing to do so in any way.
The problem, of course, is knowing where that "other side" is.