By spying I didn't mean moving multi megabytes of data or reprogramming a processor. On a PC stealing passwords can be done by inserting a small uController that acts as a HID device on one side and talks with a USB keyboard on the opposite side. If you hide it into a keyboard and instruct it to record the first two lines one writes just after power on, which are almost always the system username and password, then add them to a flash into the microcontroller, then it's just a matter of social networking to get the data ("hey, here's a new keyboard, I'll trash the old one for you"). On phones one has to intercept screen taps, which is harder, but if you have access to the hardware and develop its drivers, you very likely can do that before passwords get encrypted. All it needs is a daemon reading taps and comparing them with the virtual keyboard key positions (assuming you haven't access to the virtual key output, which would make it even easier) once you have that daemon, tell it to read the system load and intercept what the user taps after a long sleep, which will very likely be the device pin. Want the bank password?, just read what the user taps when there's a bank app in foreground. I'm sorry for those laughing, but it can be done.