A new tool called Hide UI, part of the infamous GrayKey device used for gaining access to iPhones, can secretly record the keystrokes of a person entering in their iPhone lock screen passcode and save it to a file to later be retrieved by the authorities. Olivia Solon at NBC News has the details:
It can take minutes to crack a four-digit pin and less than a day to crack a six-digit pin, according to calculations by cryptographer Matthew Green, an Associate Professor of Computer Science at the Johns Hopkins Information Security Institute. For eight- and 10-digit passcodes it can take weeks or years. It is under these circumstances that Hide UI provides a way to get access to the device more quickly.
“If the standard agent doesn’t work, we can move to Plan B, which is Hide UI,” said one law enforcement professional familiar with the system.
In order for this feature to work, law enforcement officials must install the covert software and then set up a scenario to put a seized device back into the hands of the suspect. […]
So they give the phone back and say, “you can call your lawyer,” and the phone owner enters in their passcode. Hide UI sees the passcode as it’s being entered, saves it, and then law enforcement can retrieve the passcode after they get the phone back.
GrayKey also, of course, backs up the entire phone so the person can’t permanently delete data after they’ve been given the phone to make a call.
It does mean the person needs to be alive for them to enter their passcode, and it means the person has to be willing to trust their device after it has been out of their possession for an extended period of time. If a government ever removes your device from your sight, assume the device is compromised and never again touch it.