Cellebrite advertises its ability to unlock devices running iOS 11, including the iPhone X...
Cellebrite, the Israeli security firm believed to have helped the FBI unlock an iPhone during the San Bernardino investigation, is claiming it is capable of bypassing the security of devices running iOS 11 and older versions, including recently launched hardware including the iPhone 8 and iPhone X.
Cellebrite's Universal Forensic Extraction Device (UFED)
The company is said to be advising to its customers it has the ability to access devices running iOS 11, reports Forbes. A marketing document advertising the firm's Advanced Unlocking and Advanced Extraction services to law enforcement agencies advises iOS devices running iOS 5 through to iOS 11 can be accessed, including all iPhone, iPad, iPad Pro, and iPod touch models.
A report source claims the Department of Homeland Security successfully raided an iPhone X in a search for data in November 2017, most likely by using Celebrite's technology. A separate source involved in the police forensics community claims he was informed by Cellebrite it could unlock an iPhone 8, and believed it would also be true of the iPhone X.
Cellebrite's Advanced Unlocking service is marketed as the "industry's only solution" for defeating complex locks on market leading devices, including both iOS and Android smartphones and tablets. The paid service, available only to law enforcement, unlocks the device for the government agencies, allowing them to extract the data themselves.
The Advanced Extraction option is billed as the option to access the device's data if it is not accessible by conventional means, such as by full disk encryption. Under the service, the full file system is retrieved for the customer, providing access to emails, application data, geolocation data, and other items without jailbreaking or rooting the device.
If Cellebrite's claims are true, this effectively means it is possible for agencies like the FBI to pay to unlock any iOS device. In contrast to the alleged $900,000 supposedly paid to Cellebrite, the report suggests that the unlocking process can be relatively inexpensive, priced as low as $1,500 per device.
The apparent hack of the iPhone X using Cellebrite's tech was discovered in a warrant discovered by Forbes, with the phone owned by a suspect in an arms trafficking case. The iPhone X was taken from the suspect as he was about to leave the U.S. on November 20, was sent to a Cellebrite specialist at the DHS Homeland Security Investigations Grand Rapid labs, and the data extracted on December 5.
The warrant does not mention what data was discovered nor how it was accessed. The iPhone X owner is apparently now awaiting a trial on July 31, but it is unknown if the accessed data will be used in their prosecution.
Cellebrite's ability to access the contents of an iOS 11 device is surprising, considering the operating system's release also introduced new security features that made it harder to break. This includes the SOS mode disabling Touch ID, a move that effectively prevents police from forcing a suspect to unlock their iPhone using a fingerprint.
It is unknown exactly how Cellebrite is able to defeat iOS 11's security, and it is unlikely such information will be released, as Apple would almost certainly attempt to patch the security flaw as quickly as possible. Report sources claim the firm has developed new techniques to get in, but considering Apple's quick reactions to plug security holes, it is probably not one that has been publicly discovered.
A release of data from a hack of Cellebrite's servers last year revealed some of the workings behind its Universal Forensic Extraction Device, a unit that could pull a variety of data from a connected smartphone. Along with brand-specific exploits, the iOS-related code allegedly used scripts originally used to jailbreak iPhones, as well as firmware altered to break security on older devices.
Cellebrite's Universal Forensic Extraction Device (UFED)
The company is said to be advising to its customers it has the ability to access devices running iOS 11, reports Forbes. A marketing document advertising the firm's Advanced Unlocking and Advanced Extraction services to law enforcement agencies advises iOS devices running iOS 5 through to iOS 11 can be accessed, including all iPhone, iPad, iPad Pro, and iPod touch models.
A report source claims the Department of Homeland Security successfully raided an iPhone X in a search for data in November 2017, most likely by using Celebrite's technology. A separate source involved in the police forensics community claims he was informed by Cellebrite it could unlock an iPhone 8, and believed it would also be true of the iPhone X.
Cellebrite's Advanced Unlocking service is marketed as the "industry's only solution" for defeating complex locks on market leading devices, including both iOS and Android smartphones and tablets. The paid service, available only to law enforcement, unlocks the device for the government agencies, allowing them to extract the data themselves.
The Advanced Extraction option is billed as the option to access the device's data if it is not accessible by conventional means, such as by full disk encryption. Under the service, the full file system is retrieved for the customer, providing access to emails, application data, geolocation data, and other items without jailbreaking or rooting the device.
If Cellebrite's claims are true, this effectively means it is possible for agencies like the FBI to pay to unlock any iOS device. In contrast to the alleged $900,000 supposedly paid to Cellebrite, the report suggests that the unlocking process can be relatively inexpensive, priced as low as $1,500 per device.
The apparent hack of the iPhone X using Cellebrite's tech was discovered in a warrant discovered by Forbes, with the phone owned by a suspect in an arms trafficking case. The iPhone X was taken from the suspect as he was about to leave the U.S. on November 20, was sent to a Cellebrite specialist at the DHS Homeland Security Investigations Grand Rapid labs, and the data extracted on December 5.
The warrant does not mention what data was discovered nor how it was accessed. The iPhone X owner is apparently now awaiting a trial on July 31, but it is unknown if the accessed data will be used in their prosecution.
Cellebrite's ability to access the contents of an iOS 11 device is surprising, considering the operating system's release also introduced new security features that made it harder to break. This includes the SOS mode disabling Touch ID, a move that effectively prevents police from forcing a suspect to unlock their iPhone using a fingerprint.
It is unknown exactly how Cellebrite is able to defeat iOS 11's security, and it is unlikely such information will be released, as Apple would almost certainly attempt to patch the security flaw as quickly as possible. Report sources claim the firm has developed new techniques to get in, but considering Apple's quick reactions to plug security holes, it is probably not one that has been publicly discovered.
A release of data from a hack of Cellebrite's servers last year revealed some of the workings behind its Universal Forensic Extraction Device, a unit that could pull a variety of data from a connected smartphone. Along with brand-specific exploits, the iOS-related code allegedly used scripts originally used to jailbreak iPhones, as well as firmware altered to break security on older devices.
Comments
I am sure it is more useful than Shazam.
TouchID and FaceID might be good enough for Apple Pay, but they’re not good enough to secure the device (anymore).
The vulnerability was probably found as a result of this:
https://appleinsider.com/articles/18/02/07/source-code-for-ios-iboot-component-reportedly-leaks-online-could-lead-to-new-exploits
If you are concerned you might want to turn off the ability for the 2 to UNLOCK the device. If you are REALY concerned delete the saved Fingerprint, and go back to using a password for everything. I’m assuming everyone (that’s concerned) already has the wipe device option turned on (after 10 failed password attempts).
I also have some other ideas, but there is nothing users can do to protect themselves... as long as Idevices can be “jail broken” the solution has to come from Apple. Hopefully it’s not that... Apple has failed to prevent “jail brakes” and there is nothing that suggests that will change anytime soon.
Maybe this will help silence those pushing for backdoor access for a little while...
Cellibrite’s announcement is basically reporting a zero-day flaw in iOS. The problem is Apple has no information about the flaw, and Cellibrite isn’t likely to tell them.
The only thing I can think of is Apple buying rights to the exploit, and perhaps hiring them to find more. At that point Israel might get involved...
Also, there is nothing stopping someone else finding the same vulnerability, with the iBoot code already out there. Whatever happens this is going to cost Apple a bundle.
Assuming Apple hasn't provided a back-door, though, this is kind of the way it is supposed to be. The industry makes things as secure as possible. Crooks and 3-letter agencies try to break in. And, we all hope there are more 'good guys' that responsibly report the security holes, instead of selling them to crooks or 3-letter agencies.
It is more in this companies (and the FBI et al) interest to keep this information hidden...
UNLESS
you want to get the gullible to unlock their phone for you -
CIA: unlock your phone!
Person of Interest: No.
CIA: look, just go ahead and unlock it will you. We can get it unlocked anyway... haven’t you seen the news? It’s been on Twitter and everything... oh, and we’ll charge you the 1,500 plus shipping and handling also.
Person of Interest: Oh crikey, you’re right. Here, let me unlock that for you.