Cellebrite says it can pull data from any iOS device ever made

Posted:
in General Discussion edited June 15
Israeli mobile device forensics company Cellebrite proclaimed on Friday that it can break into any iOS device, including those running iOS 12.3.

Cellebrite's Universal Forensic Extraction Device (UFED), used to acquire data from smartphones
Cellebrite's Universal Forensic Extraction Device (UFED), used to acquire data from smartphones


With an updated page heralding it's services, Cellebrite now says that it can "perform a full file system extraction on any iOS device" in addition to being able to perform what appears to be substantively the same on high-end android devices. And, that ability is available to law enforcement agencies that can pay for it, without sending the devices to Cellebrite for extraction.

The company claims that it can determine passcodes and perform unlocks for app Apple devices, giving purchasers the ability to perform a full file system extraction. On Android, the company says that all flagship Samsung devices can be similarly penetrated, with the addition of the ability to extract unallocated data to even glean information about deleted items.

Cellebrite is thought to be the firm that the FBI turned to crack the iPhone 5c of San Bernardino killer Syed Rizwan Farook. The FBI and Department pursued Apple to code a backdoor for iOS to penetrate the device, but were met with active opposition by CEO Tim Cook. Cook, and others, argued that the company would have to fundamentally compromise the security of iOS -- precisely because backdoors could be leaked or shared by government agencies, or else discovered independently.

"There's a public safety imperative here," Cellebrite Chief Marketing Officer Jeremy Nazarian said in an interview in 2018. "It's not like this is over the wire listening technology... it requires physical access. It's not like anyone is listening to your iPhone or my iPhone. There's nothing inherent in the technology that means it's open to misuse."

Despite Nazarian's comments, Apple's concerns had some merit. Cellebrite penetration tools were discovered for sale on the open market in February 2019, belying the assumption that any kind of back door could be kept safe.

Even prior to the San Bernardino debate, Cellebrite sprung up in response to law enforcement demands. Various U.S. officials have complained that Apple's insistence on end-to-end messaging encryption and full-disk encryption for devices is causing its products to "go dark" to law enforcement and spy agencies.

The battle between tech and the government has gone global, with the "Five Eyes" intelligence network -- including Australia, Canada, New Zealand, the U.K. and the U.S. -- claiming that "privacy is not an absolute." Legislation mandating bypasses of encryption, despite complaints, are winding through governmental agencies.
«134

Comments

  • Reply 1 of 68
    aplnubaplnub Posts: 2,591member
    Anyone know how Apple goes about figuring out the exploit in a case like this?
    brian65plscornchipwatto_cobra
  • Reply 2 of 68
    tzterritzterri Posts: 99member
    I'm guessing this is with simple 6 digit passcodes. I have a complex passcode that is 16 digits long.
    caladanianjbdragonmagman1979watto_cobra
  • Reply 3 of 68
    lkrupplkrupp Posts: 7,162member
    Lots of bragging. Let’s see them back it up. 
    spliff monkeywilliamlondonnetmageAppleExposedcornchipPetrolDaveolsmacxpressknowitallmagman1979
  • Reply 4 of 68
    aplnub said:
    Anyone know how Apple goes about figuring out the exploit in a case like this?
    As I understand it they attack the secure element through the USB port.  One assumes Apple has not found the exploit.  It is possible, likely even, that it is in hardware such that by sending signals across the USB wires that violate the USB protocol the hackers are able to induce a hardware malfunction that can then be further exploited to gain access.  

    This assumption is backed up by the change in iOS 12.3 that physically powers off the USB port after the phone has been locked for a time (30 minutes?)

    When dealing with hardware “off” is not always quite as absolute as one might wish, but I believe this puts an enormous crimp in their attack vectors. 

    The most interesting part of this story is that we get to see first hand the cat and mouse game that is just another day at the office for state sponsored  cyber warfare.  
    brian65plslongpathcharlesgresAppleExposedcaladanianStrangeDaysradarthekatchristophbpscooter63knowitall
  • Reply 5 of 68
    Mike WuertheleMike Wuerthele Posts: 4,650administrator
    aplnub said:
    Anyone know how Apple goes about figuring out the exploit in a case like this?
    As I understand it they attack the secure element through the USB port.  One assumes Apple has not found the exploit.  It is possible, likely even, that it is in hardware such that by sending signals across the USB wires that violate the USB protocol the hackers are able to induce a hardware malfunction that can then be further exploited to gain access.  

    This assumption is backed up by the change in iOS 12.3 that physically powers off the USB port after the phone has been locked for a time (30 minutes?)

    When dealing with hardware “off” is not always quite as absolute as one might wish, but I believe this puts an enormous crimp in their attack vectors. 

    The most interesting part of this story is that we get to see first hand the cat and mouse game that is just another day at the office for state sponsored  cyber warfare.  
    Given that the company is now claiming that they can penetrate iOS 12.3, there may be a new avenue of attack.
    caladanianGeorgeBMac
  • Reply 6 of 68
    rob53rob53 Posts: 2,051member
    Time for Apple to buy one and reverse engineer it. When I worked for the DOE Israel was on the restricted contact list exactly for this reason, attacking American products. 
    longpathAppleExposedcaladaniancornchipanantksundaramjbdragonPetrolDavepscooter63magman1979badmonk
  • Reply 7 of 68
    gatorguygatorguy Posts: 20,764member
    It doesn't have any impact whatsoever on 99.8% of users IMO. TBH there's almost certainly going to be those rare instances where an already illegal activity and being able to access that person's a data may actually save lives and property. Personally it would be nothing I'd have even a second's concern about. I'm also sure that there's that segment who has so little to worry about in their lives that they'll create a mountain of hand-wringing concern over it for lack of anything else.

    Most folks really do have far more important issues to deal with, things that personally affect their lives. This isn't one of them. 

    Just my 2 cents. 
    MplsPjony0
  • Reply 8 of 68
    aplnub said:
    Anyone know how Apple goes about figuring out the exploit in a case like this?

    They buy the services of Cellebrite through a shell company and see how it works.
    jbdragonwatto_cobra
  • Reply 9 of 68
    anonymouseanonymouse Posts: 6,580member
    [looks like deleting the duplicate deleted the original, or the forum automatically deletes dupes and I should have just waited]
    gatorguy said:
    It doesn't have any impact whatsoever on 99.8% of users IMO. TBH there's almost certainly going to be those rare instances where an already illegal activity and being able to access that person's a data may actually save lives and property. Personally it would be nothing I'd have even a second's concern about. I'm also sure that there's that segment who has so little to worry about in their lives that they'll create a mountain of hand-wringing concern over it for lack of anything else.

    Most folks really do have far more important issues to deal with, things that personally affect their lives. This isn't one of them. 

    Just my 2 cents. 
    Apparently, you missed this part:
    Cellebrite penetration tools were discovered for sale on the open market in February 2019

    Which means that it affects 100% of users, not just "bad guys". This is why Apple resisted the FBI's demands to create a back door. Once something like this is created, it can't be controlled; just witness what happened with the NSA's hacking tools.

    edited June 15 netmageSoliretrogustosocalbrianAppleExposedcaladanianjbdragonStrangeDaysradarthekatlostkiwi
  • Reply 10 of 68
    SoliSoli Posts: 8,984member
    tzterri said:
    I'm guessing this is with simple 6 digit passcodes. I have a complex passcode that is 16 digits long.
    What do you mean by complex? Upper and lower case letters and numbers?
    jbdragonwatto_cobra
  • Reply 11 of 68
    tzterri said:
    I'm guessing this is with simple 6 digit passcodes. I have a complex passcode that is 16 digits long.
    no, because, after each try, the time before you can try another code increase. and after a few try, you are lock out. 
    caladanian
  • Reply 12 of 68
    SoliSoli Posts: 8,984member
    [looks like deleting the duplicate deleted the original, or the forum automatically deletes dupes and I should have just waited]
    gatorguy said:
    It doesn't have any impact whatsoever on 99.8% of users IMO. TBH there's almost certainly going to be those rare instances where an already illegal activity and being able to access that person's a data may actually save lives and property. Personally it would be nothing I'd have even a second's concern about. I'm also sure that there's that segment who has so little to worry about in their lives that they'll create a mountain of hand-wringing concern over it for lack of anything else.

    Most folks really do have far more important issues to deal with, things that personally affect their lives. This isn't one of them. 

    Just my 2 cents. 
    Apparently, you missed this part:
    Cellebrite penetration tools were discovered for sale on the open market in February 2019

    Which means that it affects 100% of users, not just "bad guys". This is why Apple resisted the FBI's demands to create a back door. Once something like this is created, it can't be controlled; just witness what happened with the NSA's hacking tools.

    There are other stories with gov't agencies losing tools as having extremely weak passwords protecting tools that are used for cracking. Apple is right for lawfully not handing over the keys.
    caladanianPetrolDavepscooter63knowitallmagman1979watto_cobra
  • Reply 13 of 68
    SoliSoli Posts: 8,984member
    tzterri said:
    I'm guessing this is with simple 6 digit passcodes. I have a complex passcode that is 16 digits long.
    no, because, after each try, the time before you can try another code increase. and after a few try, you are lock out. 
    The English is a little broken but I think you're suggesting that Cellebrite's tool won't work because iOS will erase the device after 10 failed attempts, but Cellebrite has stated that they can bypass (or reset) that counter. They'd have for their system to work by any reasonable measure so I think it's safe to assume that they can, which is why a complex password with not only special characters, but extra special characters should be employed.

    anantksundaramwatto_cobra
  • Reply 14 of 68
    georgie01georgie01 Posts: 249member
    This is incontrovertible evidence that tech companies do not need to make back doors for government access. It will always be possible to crack technology, always. It should be a healthy a cat and mouse game. All the FBI and government officials have been saying is, ‘We’re either too lazy or too incompetent to crack these devices, so let’s make the tech companies make it easy for us.’ Companies like Cellebrite shouldn’t be a rarity but rather an essential component of any government security program.
    edited June 15 Solicaladaniancornchipradarthekatluke hamblyfahlman
  • Reply 15 of 68
    gatorguy said:
    It doesn't have any impact whatsoever on 99.8% of users IMO. TBH there's almost certainly going to be those rare instances where an already illegal activity and being able to access that person's a data may actually save lives and property. Personally it would be nothing I'd have even a second's concern about. I'm also sure that there's that segment who has so little to worry about in their lives that they'll create a mountain of hand-wringing concern over it for lack of anything else.

    Most folks really do have far more important issues to deal with, things that personally affect their lives. This isn't one of them. 

    Just my 2 cents. 
    I have to agree with this statement. The chances of a non-VIP like 99.8% of IPhone users having his phone compromised by a Cellebrite hacking process is virtually zero. 
  • Reply 16 of 68
    Anyone remember comet trying to force Apple to let the government have a backside?

    with all that’s come out about that loser, man it’s scary to think what he and his treasonous cronies wanted to do. Talk about abuse of power...

    It’s like political fiction come to life. 

    Lets say say a candidate for Congress, senate, presidency, etc. is gaining steam, but certain people in power don’t like it. If they just have your physical device for a moment (airport security, court metal detection, etc.) THry can have all your data, both personal to attack you with, and any political ideas, info you may have to help you get into office. 

    And then “somehow it leaks” out, causing damage. Or... it leaks to your opponents during a debate, etc. 

    super scary. And it should cause anger. 

    We’ve seen that the fbi is compromised by political bias and agenda. To the point where they are doing illegal things. And they are law high end enforcement!

    if certain people want you hurt regardless of guilt or innocence, you will be hurt. That kind of power needs to be put in check.  

    Hopefully apple figures a way to combat this. It’s a moving target, but so he it. Keep moving. 
    cornchipdocno42
  • Reply 17 of 68
    AppleExposedAppleExposed Posts: 1,215unconfirmed, member
    aplnub said:
    Anyone know how Apple goes about figuring out the exploit in a case like this?
    As I understand it they attack the secure element through the USB port.  One assumes Apple has not found the exploit.  It is possible, likely even, that it is in hardware such that by sending signals across the USB wires that violate the USB protocol the hackers are able to induce a hardware malfunction that can then be further exploited to gain access.  

    This assumption is backed up by the change in iOS 12.3 that physically powers off the USB port after the phone has been locked for a time (30 minutes?)

    When dealing with hardware “off” is not always quite as absolute as one might wish, but I believe this puts an enormous crimp in their attack vectors. 

    The most interesting part of this story is that we get to see first hand the cat and mouse game that is just another day at the office for state sponsored  cyber warfare.  
    Given that the company is now claiming that they can penetrate iOS 12.3, there may be a new avenue of attack.

    The could be vague and mean only some of every type of iPhone.

    For example, every model iPhone that hasn't had USB powered off.
    caladanian
  • Reply 18 of 68
    I remember when Apple actually used Cellebrite devices in their retail stores to transfer data from customer’s old phones to new iPhones. 
    macpluspluswelshdogGeorgeBMacpscooter63beowulfschmidt
  • Reply 19 of 68
    gatorguy said:
    It doesn't have any impact whatsoever on 99.8% of users IMO. TBH there's almost certainly going to be those rare instances where an already illegal activity and being able to access that person's a data may actually save lives and property. Personally it would be nothing I'd have even a second's concern about. I'm also sure that there's that segment who has so little to worry about in their lives that they'll create a mountain of hand-wringing concern over it for lack of anything else.

    Most folks really do have far more important issues to deal with, things that personally affect their lives. This isn't one of them. 

    Just my 2 cents. 
    I have to agree with this statement. The chances of a non-VIP like 99.8% of IPhone users having his phone compromised by a Cellebrite hacking process is virtually zero. 
    You’re such a sheep. You’ve been brainwashed not to even care about you’re own privacy. Let me guess, you also believe don’t believe in the 2nd Amendment because it’s impossible for governments to get out of control and the police are there to protect you. 

    Just because politicians have convinced you that you don’t need privacy or individual liberty doesn’t mean the rest of us are going to believe that BS.

    I’m fine with this technology, but Apple should do anything and everything to make it null and void to protect its customers. 
    fly8cornchipanantksundaramjbdragonStrangeDays80s_Apple_Guytitantigerpscooter63knowitallmagman1979
  • Reply 20 of 68
    wigbywigby Posts: 690member
    That is brute force and any computer can guess 6 digits in only a few hours. Cellebrite probably found another bootloader exploit in iOS.
    tzterri said:
    I'm guessing this is with simple 6 digit passcodes. I have a complex passcode that is 16 digits long.
Sign In or Register to comment.