Cellebrite pitching iPhone hacking tools as a way to stop COVID-19

Posted:
in General Discussion
Multiple smartphone surveillance and data extraction companies, including iPhone hacking firm Cellebrite, are pitching their products to governments as an alternative method of tracking the spread of COVID-19.

Cellebrite's forensic hardware is said to be able to extract data from a range of locked iPhones.
Cellebrite's forensic hardware is said to be able to extract data from a range of locked iPhones.


While tech giants and device makers like Apple and Google are focusing on privacy-respecting methods to trace the spread of coronavirus, companies that produce spying or surveillance software are looking at new ways to market their products during the crisis.

Cellebrite, a firm famous for producing iPhone-hacking tools, is actively pitching those tools to authorities tracking the spread of COVID-19, according to a Reuters report on Tuesday.

One email that Cellebrite sent to an Indian police force theorized that law enforcement could use the company's tools to gather location data and contacts from a phone to "quarantine the right people."

While this would normally happen with a user's consent, Cellebrite said that there are legally justified cases in which police could use their tools to break into an acquired device -- such as if an iPhone is confiscated when someone violates public gathering orders. "We do not need the phone passcode to collect the data," the Cellebrite spokesperson said in the pitch email.

The Cellebrite pitches are just part of a new wave of private intelligence and surveillance companies attempting to repurpose and sell their tools to law enforcement to track the virus and enforce stay-at-home orders, according to Reuters.

At least eight such companies are pitching their tools to law enforcement entities across the globe. While none of them detailed which countries have purchased their products, four said that they piloting or delivering tools to curb coronavirus to at least a dozen countries in Europe, Asia and Latin America.

The Reuters report comes in the midst of a broader conversation at the intersection of privacy and public health.

In April, Apple and Google announced a new joint initiative to use Bluetooth signals as a way to track the spread of COVID-19 without compromising privacy or harvesting location data.

While some privacy advocates have concerns about the security limitations of Bluetooth, others have called the short-range contact tracing a "vast improvement" over the mass collection of GPS and cell site data.

But the Apple and Google solution is strictly opt-in, which raises questions about whether it could see the 60% adoption rate required for it to be effective. Apple and Google also require public health agencies to store contact data in a decentralized manner.

Several countries have been in standoffs with the tech giants over this requirement, or have outright refused to use the technology.

Mass and mandated collection of data is one alternative being floated. Israel, for example, is said to be testing a mass surveillance system developed by one of the cyber-intelligence companies, NSO Group, despite valid concerns about the ability of mass surveillance to offer precise enough data to curb the spread of coronavirus.

The Apple and Google system is said to be launching early on April 28, though it remains to be seen how or when public health agencies will deploy it. In the meantime, it appears that some countries may have access to ready-built but less-private ways to track the spread of COVID-19.

Comments

  • Reply 1 of 11
    Idiots.

    First off, they'd never be able to break into everyone's (or even a majority of users) phones. So it's meaningless to track the population when large chunks aren't included.

    Further, these companies are only to keep their exploits a secret by restricting who gets access. Which is why state actors use them against specific individuals as opposed to malware companies trying to use them to serve ads to millions. Using their "hacks" on a large number of people almost certainly guarantees them being discovered in a very short time, at which point Apple will release a patch making their tracking system useless in a matter of days.
    olsStrangeDays
  • Reply 2 of 11
    XedXed Posts: 1,030member
    Idiots.

    First off, they'd never be able to break into everyone's (or even a majority of users) phones. So it's meaningless to track the population when large chunks aren't included.

    Further, these companies are only to keep their exploits a secret by restricting who gets access. Which is why state actors use them against specific individuals as opposed to malware companies trying to use them to serve ads to millions. Using their "hacks" on a large number of people almost certainly guarantees them being discovered in a very short time, at which point Apple will release a patch making their tracking system useless in a matter of days.
    I don't think they're idiots. They're an unethical entity betting on others being idiots who will buy their product for pointless reasons.
    beeble42FLMusicArloTimetravelerhammeroftruthviclauyyclkruppwilliamlondonolsjony0bageljoey
  • Reply 3 of 11
    BeatsBeats Posts: 2,532member
    Ah so this is the cure.

    "One email that Cellebrite sent to an Indian police force theorized that law enforcement could use the company's tools to gather location data and contacts from a phone to "quarantine the right people."

    TL;DR Put them in jail.
  • Reply 4 of 11
    FLMusicFLMusic Posts: 17member
    It would’ve been a lot easier for governments to just work with Apple & Google. But no, they just have to stalk their citizens...
    viclauyyclkruppStrangeDaysjony0macseekerredgeminipa
  • Reply 5 of 11
    FLMusic said:
    It would’ve been a lot easier for governments to just work with Apple & Google. But no, they just have to stalk their citizens...
    They want to be the invasive eye and not give that privilege to someone else. What they don’t get is that Apple has been teaching Google about privacy and that their tracking is anonymous and not specific enough to give more personal information which those governments want.

    Cellbrite is a company that has ties to black hats that do contract work for 3rd world countries in order to suppress any policy and regime changes.
    edited April 2020 viclauyycFLMusic
  • Reply 6 of 11
    seanismorrisseanismorris Posts: 1,624member
    Idiots.

    First off, they'd never be able to break into everyone's (or even a majority of users) phones. So it's meaningless to track the population when large chunks aren't included.

    Further, these companies are only to keep their exploits a secret by restricting who gets access. Which is why state actors use them against specific individuals as opposed to malware companies trying to use them to serve ads to millions. Using their "hacks" on a large number of people almost certainly guarantees them being discovered in a very short time, at which point Apple will release a patch making their tracking system useless in a matter of days.
    Not idiots at all.  Many governments are looking for an excuse for unethical conduct, the coronavirus is providing the excuse.  Companies like Cellebrite are helping them craft their argument... and what to put on the bill.  Who’s going to argue about a small purchase to help stop the spread of the virus?  Who’s going to form a committee to discuss it?
    viclauyycFLMusic
  • Reply 7 of 11
    Rayz2016Rayz2016 Posts: 6,957member
    Times like this you see the best and worst in people. 

    These scumbags are the very worst.  
    viclauyycwilliamlondonStrangeDaysjony0lkrupp
  • Reply 8 of 11
    samrodsamrod Posts: 40unconfirmed, member
    The Apple and Google system is said to be launching early on April 28
    So early today? It's 12 minutes to noon.
  • Reply 9 of 11
    DAalsethDAalseth Posts: 1,735member
    Idiots.

    First off, they'd never be able to break into everyone's (or even a majority of users) phones. So it's meaningless to track the population when large chunks aren't included.

    Further, these companies are only to keep their exploits a secret by restricting who gets access. Which is why state actors use them against specific individuals as opposed to malware companies trying to use them to serve ads to millions. Using their "hacks" on a large number of people almost certainly guarantees them being discovered in a very short time, at which point Apple will release a patch making their tracking system useless in a matter of days.
    IMO it is the height of naïveté to think that malware companies, mafiosi, and other black hats don’t already have their tools. Maybe not from the company knowingly, but via a shell company, fake police force, or simple theft. The same rule applies to these that is applied to government mandated backdoors for law enforcement: If there is a door, or a tool, for the good guys, the bad guys will find it and use it.
    jony0
  • Reply 10 of 11
    StrangeDaysStrangeDays Posts: 11,597member
    Pathetic...
    lkruppcornchipFLMusic
  • Reply 11 of 11
    NotsofastNotsofast Posts: 450member
    Idiots.

    First off, they'd never be able to break into everyone's (or even a majority of users) phones. So it's meaningless to track the population when large chunks aren't included.

    Further, these companies are only to keep their exploits a secret by restricting who gets access. Which is why state actors use them against specific individuals as opposed to malware companies trying to use them to serve ads to millions. Using their "hacks" on a large number of people almost certainly guarantees them being discovered in a very short time, at which point Apple will release a patch making their tracking system useless in a matter of days.
    That's not how it works.  First of all,  Cellebrite's devices and custom services are already used on thousands of phones each day.  (Android phones are easily broken by a Cellebrite devices,  with every new iOS and new iPhone, Cellebrite loses the ability to hack into iPhones for a while because the iOS is so much more secure).  Cellebrite doesn't disclose its hacks to law enforcement.  If they did, Apple and Google and the other companies would patch the vulnerabilities immediately.  Apple gets access to Cellebrite devices via third parties so they continue to play a cat and mouse game.
Sign In or Register to comment.