Leaked documents show breadth of iPhone data accessible by Cellebrite forensic tool
Thanks to the recent encryption debate many smartphone owners are keenly aware of personal data stored on their iPhone, from contacts to calendar entries to photo metadata and more. Newly leaked documents relating to Israeli digital forensics firm Cellebrite demonstrate how much of that information is available to law enforcement agencies, at least when a device is left unencrypted.
Source: ZDNet
Cellebrite is one of a number of firms specializing in cellphone cracking technology, or more specifically mobile device intrusion and data retrieval software and hardware. The company claims its UFED tool can bypass passcode locks, extract and decode almost all data from hundreds of smartphone and tablet models, including Apple hardware.
The capabilities of platforms like UFED are known but not widely discussed beyond certain circles. As revealed by ZDNet on Thursday, however, a series of extraction reports from an iPhone 5 running iOS 8 shows how much data can be gleaned from an unprotected handset, and subsequently the value of strong device encryption.
While not a definitive catalog of forensics capabilities available to law enforcement agencies, or customers willing to pay for services from Cellebrite and others, the leaked files reveal successful transfers of basic system information, calendar entries, voicemail messages, call logs, cookies, locations, notes and much more.
The publication notes the tool was even able to retrieve files a user recently deleted, though as anyone familiar with digital storage knows, "deleting" a file does not necessarily erase it from a hard drive or flash memory.
Most of the information extracted by Cellebrite's tool can also be downloaded by verified users through common software, including Apple's iTunes, but accessing data like configuration and database files requires a more involved procedure.
Law enforcement agencies have for years use UFED systems to extract mission critical data related to ongoing investigations. Notably, Cellebrite was at one time rumored to have assisted the Federal Bureau of Investigation bypass an iPhone 5c used by San Bernardino terrorist Syed Farook, though later reports suggested the agency actually purchased a zero-day exploit from gray hat hackers.
More recently, Cellebrite reportedly struck a deal with the Indian government to provide law enforcement officials in that country the tools to access a wide variety of devices.
It's worth reiterating that the target iPhone in featured in ZDNet's report was not protected by a passcode, meaning any and all present data was left unencrypted.
After taking initial steps toward protecting customers with Activation Lock in iOS 7, Apple enabled end-to-end data encryption in iOS 8. The company later introduced extremely sophisticated hardware-based safeguards with the Secure Enclave coprocessor and Touch ID in iPhone 5s. Cellebrite itself notes its UFED system is unable to crack passwords on iPhone 4S and above.
The latest iPhone and iPad hardware build on those early technologies to stay one step ahead of hackers and, controversially, the government. That being said, even the best methods can't protect users who refuse to passcode lock their device.
Source: ZDNet
Cellebrite is one of a number of firms specializing in cellphone cracking technology, or more specifically mobile device intrusion and data retrieval software and hardware. The company claims its UFED tool can bypass passcode locks, extract and decode almost all data from hundreds of smartphone and tablet models, including Apple hardware.
The capabilities of platforms like UFED are known but not widely discussed beyond certain circles. As revealed by ZDNet on Thursday, however, a series of extraction reports from an iPhone 5 running iOS 8 shows how much data can be gleaned from an unprotected handset, and subsequently the value of strong device encryption.
While not a definitive catalog of forensics capabilities available to law enforcement agencies, or customers willing to pay for services from Cellebrite and others, the leaked files reveal successful transfers of basic system information, calendar entries, voicemail messages, call logs, cookies, locations, notes and much more.
The publication notes the tool was even able to retrieve files a user recently deleted, though as anyone familiar with digital storage knows, "deleting" a file does not necessarily erase it from a hard drive or flash memory.
Most of the information extracted by Cellebrite's tool can also be downloaded by verified users through common software, including Apple's iTunes, but accessing data like configuration and database files requires a more involved procedure.
Law enforcement agencies have for years use UFED systems to extract mission critical data related to ongoing investigations. Notably, Cellebrite was at one time rumored to have assisted the Federal Bureau of Investigation bypass an iPhone 5c used by San Bernardino terrorist Syed Farook, though later reports suggested the agency actually purchased a zero-day exploit from gray hat hackers.
More recently, Cellebrite reportedly struck a deal with the Indian government to provide law enforcement officials in that country the tools to access a wide variety of devices.
It's worth reiterating that the target iPhone in featured in ZDNet's report was not protected by a passcode, meaning any and all present data was left unencrypted.
After taking initial steps toward protecting customers with Activation Lock in iOS 7, Apple enabled end-to-end data encryption in iOS 8. The company later introduced extremely sophisticated hardware-based safeguards with the Secure Enclave coprocessor and Touch ID in iPhone 5s. Cellebrite itself notes its UFED system is unable to crack passwords on iPhone 4S and above.
The latest iPhone and iPad hardware build on those early technologies to stay one step ahead of hackers and, controversially, the government. That being said, even the best methods can't protect users who refuse to passcode lock their device.
Comments
For a typical post-5S user who password protects their phone, can Cellebrite do anything? If so, why not say so? If not, what's the big deal with Cellebrite that's worthy of a laudatory article!?
Technically, all the data was still very much encrypted. It's useful to guarantee a secure device wipe. It also means you don't have to reencrypt everything if you ever decide to enable or change the passcode.
However, the master encryption key is directly accessible when there's no passcode enabled. (And since there's no passcode, you can easily gain access to iOS' backup service to grab data off the device if the owner hadn't previously enabled encrypted backups in iTunes)
So... they just turned it on and opened Messages app, Calendar app, Mail app etc. Can't anyone do this?
I'm switching to Android.
But now that we see our law enforcement/FBI and political leaders shift from investigating and attacking American enemies to their political enemies, it suddenly becomes much more relevant.
No passcode means it's wide open. Why demonstrate a tool that can't do anything more than what a simple set of finger gestures can do?
What I'd like to know is how easy it is to crack into the average Android device... they're "more open," after all.
This is why I'll never use an Android or other phone in India. The Indian government wants a "digital society" so that it can more easily spy on its citizens, to make sure they're not engaging in "anti-national" speech or activities, but they have absolutely ZERO concern for people's privacy and security.