iPhone spyware lets police log suspects' passcodes when cracking doesn't work
https://www.nbcnews.com/tech/security/iphone-spyware-lets-cops-log-suspects-passcodes-when-cracking-doesn-n1209296
^
"For example, a law enforcement official could tell the suspect they can call their lawyer or take some phone numbers off the device. Once the suspect has done this, even if they lock their phone again, Hide UI will have stored the passcode in a text file that can be extracted the next time the phone is plugged into the GrayKey device. Law enforcement can then use the passcode to unlock the phone and extract all the data stored on it."
One question I have for people familiar with iPhone hardware is how it is possible to transfer files or install an app of any sort while the phone is locked? Is the cache partition not protected by Secure Enclave?
@voltronic ^ I'm wondering that too.
@john_b
For example, in normal circumstances when you plug in a locked iPhone to a Mac or PC, what happens?
Android phones (at least all the ones I've used) will show a storage device and assign it a drive letter, but it will not mount until the phone is unlocked and you press "allow".
@voltronic Yep, all my experience is with Android, and it's exactly as you describe.
Debugging connections also don't work until you unlock the phone and allow the host to connect.
@john_b
I can confirm, from my years of rooting and playing around with alternative OSes.
Interesting stuff here. The whole idea of the trusted/paired accessory thing seems a really odd choice in the context of increasing USB security.
https://blog.elcomsoft.com/2019/09/usb-restricted-mode-in-ios-13-apple-vs-graykey-round-two/