iPhone Hacking Company GrayKey Reinvents the Keylogger

A report from NBCNews mentions a tool from GrayKey called Hide UI, and until now has been kept secret from the public.

But another tool, previously unknown to the public, doesn’t have to crack the code that people use to unlock their phones. It just has to log the code as the user types it in.

Software called Hide UI, created by Grayshift, a company that makes iPhone-cracking devices for law enforcement, can track a suspect’s passcode when it’s entered into a phone, according to two people in law enforcement, who asked not to be named out of fear of violating non-disclosure agreements.

This is called a keylogger, and it is neither new nor revolutionary. It would be cheaper for police to use pen and paper to write down a suspect’s passcode, although there is that pesky fifth amendment.

Grayshift Increases Price as it Struggles to Hack iPhones

iOS forensics company Grayshift was forced to raise its prices last year, noting that “Forensic Access to iOS continues to increase in difficulty and complexity.”

“I think it’s going to get harder and harder to find these kinds of unlocking flaws, because Apple does control the entire stack,” Alex Stamos, director of the Stanford Internet Observatory and former Facebook chief security officer, previously told Motherboard. “I think a couple more hardware revisions of understanding the ways that these unlocks are happening and [Apple is] going to make it extremely difficult. Which then will bring this debate back…”

It’s a complex issue. On one hand it’s good news for Apple customers. On the other hand, it makes the government is fight tooth and nail to take away our security.

Here’s What Data is Accessible With Cloud Forensics

When a company like Cellebrite or GrayKey use their devices to break into your iPhone, it’s not just your local data that can be accessed. Using various types of “cloud forensics” or cloud extraction technology, they can get your data in the cloud as well. It’s a long read but worth it.

Cellebrite’s UFED Cloud Analyzer, for example, uses login credentials that can be extracted from the device to then pull a history of searches, visited pages, voice search recording and translations from Google web history and view text searches conducted with Chrome and Safari on iOS devices backed-up iCloud.

WIN an iPhone 16 Pro Max!