Cellebrite and other iPhone hacking tools purchased by U.S. public schools
U.S. public schools are acquiring forensic tools meant for police and military use to hack into student and faculty iPhones across the U.S.
Cellebrite can be used to hack into student's iPhones depending on security settings
Apple places privacy and security above all else when designing the iPhone, yet government facilities and institutions like the FBI continue to seek backdoors for "the greater good." Despite pressure from the United States and Australian governments, among others, Apple has not broken its encryption or created a back door.
Companies like Cellebrite seek to profit from this dilemma by finding new vulnerabilities and hacks to bypass iPhone security. They package these vulnerabilities into devices called "mobile device forensic tools" or MDFTs and sell them for a big profit, mostly to law enforcement and other governmental agencies.
While police and the FBI have been known to deal with Cellebrite and other companies, the desire to break into iPhones is spreading. A report from Gizmodo says that several public school districts have begun purchasing the tools to use on students and faculty.
Cellebrite made headlines after the 2016 San Bernardino shooting when it was discovered that the FBI had purchased at least $2 million worth of Cellebrite products since 2012. Multiple police stations around the U.S. are also on record for possessing the forensic units in order to break into criminal's smartphones.
The school systems investigated have spent thousands on different forensic tools. Given existing precedent on student rights on a school's grounds, in most states, as long as the faculty have reasonable suspicion that a student is performing illegal activities they can search a student's phone. It is unknown if parents are being made aware of the capability in districts that possess the devices.
Apple continues to up its security standards with each new iPhone released
One such case in 2016 says a student granted the school access to their phone for a search. The phone was plugged into a Cellebrite machine and investigators were able to discover deleted text messages between the student and teacher, which lead to an arrest.
While cases like these occur, giving public schools unilateral access to forensic tools without oversight could lead to the invasion of hundreds of thousands of students privacy for the sake of "security." Due to laws surrounding the public school system students are not necessarily protected by the fourth amendment, and can be subject to search and seizure without due process.
"Cellebrites and Stingrays started out in the provenance of the U.S. military or federal law enforcement, and then made their way into state and local law enforcement, and also eventually make their way into the hands of criminals or petty tyrants like school administrators," says Cooper Quentin, senior staff technologist at the Electronic Frontier Foundation. "This is the inevitable trajectory of any sort of surveillance technology or any sort of weapon."
Concerns have been raised over this new development, surrounding school discipline, and approved staff who can use the device, and for what reasons. The lack of oversight on these phone penetration tools can prove to be serious attacks on student privacy and welfare.
Cellebrite and other forensic tools are only as good as the exploit they use to break into a device. With the proper device security, users can make it very difficult for such tools to work. Measures that smartphone users can take to lengthen the penetration process include use of an alphanumeric passcode, users disabling biometrics before handing over a phone, and enabling the ability for the phone to reset itself after 10 failed access attempts.
Cellebrite can be used to hack into student's iPhones depending on security settings
Apple places privacy and security above all else when designing the iPhone, yet government facilities and institutions like the FBI continue to seek backdoors for "the greater good." Despite pressure from the United States and Australian governments, among others, Apple has not broken its encryption or created a back door.
Companies like Cellebrite seek to profit from this dilemma by finding new vulnerabilities and hacks to bypass iPhone security. They package these vulnerabilities into devices called "mobile device forensic tools" or MDFTs and sell them for a big profit, mostly to law enforcement and other governmental agencies.
While police and the FBI have been known to deal with Cellebrite and other companies, the desire to break into iPhones is spreading. A report from Gizmodo says that several public school districts have begun purchasing the tools to use on students and faculty.
Cellebrite made headlines after the 2016 San Bernardino shooting when it was discovered that the FBI had purchased at least $2 million worth of Cellebrite products since 2012. Multiple police stations around the U.S. are also on record for possessing the forensic units in order to break into criminal's smartphones.
The school systems investigated have spent thousands on different forensic tools. Given existing precedent on student rights on a school's grounds, in most states, as long as the faculty have reasonable suspicion that a student is performing illegal activities they can search a student's phone. It is unknown if parents are being made aware of the capability in districts that possess the devices.
Apple continues to up its security standards with each new iPhone released
One such case in 2016 says a student granted the school access to their phone for a search. The phone was plugged into a Cellebrite machine and investigators were able to discover deleted text messages between the student and teacher, which lead to an arrest.
While cases like these occur, giving public schools unilateral access to forensic tools without oversight could lead to the invasion of hundreds of thousands of students privacy for the sake of "security." Due to laws surrounding the public school system students are not necessarily protected by the fourth amendment, and can be subject to search and seizure without due process.
"Cellebrites and Stingrays started out in the provenance of the U.S. military or federal law enforcement, and then made their way into state and local law enforcement, and also eventually make their way into the hands of criminals or petty tyrants like school administrators," says Cooper Quentin, senior staff technologist at the Electronic Frontier Foundation. "This is the inevitable trajectory of any sort of surveillance technology or any sort of weapon."
Concerns have been raised over this new development, surrounding school discipline, and approved staff who can use the device, and for what reasons. The lack of oversight on these phone penetration tools can prove to be serious attacks on student privacy and welfare.
Cellebrite and other forensic tools are only as good as the exploit they use to break into a device. With the proper device security, users can make it very difficult for such tools to work. Measures that smartphone users can take to lengthen the penetration process include use of an alphanumeric passcode, users disabling biometrics before handing over a phone, and enabling the ability for the phone to reset itself after 10 failed access attempts.
Comments
Is Apple not allowed to sue Cellebrite and shut them down? How is this different from intentionally intruding a business'/institution's privacy? How is it different from selling tools that allow you to open specific banks vault or an interceptor that can change prices at Wal-Mart registers?
The case mentioned in this story: the student gave consent, evidence was found implicating the teacher, and proper warrants were issued leading to an arrest.
The advice when dealing with the police is to refuse to go anywhere to answer questions and furthermore do not answer any questions even if you think or know you are innocent. If they have enough evidence to arrest someone they will do it otherwise they have nothing to learn unless you tell them.
The only reason to speak with the police is if you are reporting a crime.
This whole thing reminds of road blocks set up on a highway that is one of only two ways into a resort area. The police were asking every driver if it was ok to search their car without telling them specifically that it was optional. Many let the police search and many were arrested. I am not on the side of criminals, but this type of police work normalize bad behavior by the police.
If it is a school owned device, they can remotely clear the passcode without these hacking tools. This only makes sense if they are forcing their way in to a student owned device.
Now that sounds spot-on.
We have a thing called the Constitution. It protects us from criminals standing on either side of the badge.
That largely depends on the state and school district. Teacher salaries and benefits vary greatly -- from very generous to very stingy.