Cellebrite says it can pull data from any iOS device ever made

24

Comments

  • Reply 21 of 68
    MplsPMplsP Posts: 3,911member
    gatorguy said:
    It doesn't have any impact whatsoever on 99.8% of users IMO. TBH there's almost certainly going to be those rare instances where an already illegal activity and being able to access that person's a data may actually save lives and property. Personally it would be nothing I'd have even a second's concern about. I'm also sure that there's that segment who has so little to worry about in their lives that they'll create a mountain of hand-wringing concern over it for lack of anything else.

    Most folks really do have far more important issues to deal with, things that personally affect their lives. This isn't one of them. 

    Just my 2 cents. 
    I have to agree with this statement. The chances of a non-VIP like 99.8% of IPhone users having his phone compromised by a Cellebrite hacking process is virtually zero. 
    You’re such a sheep. You’ve been brainwashed not to even care about you’re own privacy. Let me guess, you also believe don’t believe in the 2nd Amendment because it’s impossible for governments to get out of control and the police are there to protect you. 

    Just because politicians have convinced you that you don’t need privacy or individual liberty doesn’t mean the rest of us are going to believe that BS.

    I’m fine with this technology, but Apple should do anything and everything to make it null and void to protect its customers. 
    And you seem prone to hyperbole and slippery slopes. Issues like this are not black and white. The fact that one company [claims it] has figured out how to access locked devices doesn't suddenly mean that the sky has fallen and passcodes are useless on our phones. 

    The right to privacy is not absolute and there are very legitimate cases in which government agencies should have access to devices. People seem to have a hard time distinguishing the difference between that and no privacy whatsoever. The fact that I recognize this fact doesn't mean I don't care about privacy, rather it means I understand that there are no absolutes.

    @gatorguy is correct - this doesn't affect vast majority of people and the degree of consternation far exceeds that. My main concern is not that they can break the encryption. My concern is that in the past they have sold devices which are completely unlocked, meaning they can be used by anyone who gets their hands on them. Requiring them to 'phone home' and get authorization before use would be far preferable. If a device gets lost, it could simply be deactivated and rendered useless.




    mwhitellamamuthuk_vanalingam
  • Reply 22 of 68
    gatorguy said:
    It doesn't have any impact whatsoever on 99.8% of users IMO. TBH there's almost certainly going to be those rare instances where an already illegal activity and being able to access that person's a data may actually save lives and property. Personally it would be nothing I'd have even a second's concern about. I'm also sure that there's that segment who has so little to worry about in their lives that they'll create a mountain of hand-wringing concern over it for lack of anything else.

    Most folks really do have far more important issues to deal with, things that personally affect their lives. This isn't one of them. 

    Just my 2 cents. 
    Wow. You’ve missed the whole shebang about the basic importance of privacy, haven’t you?

    Figures. 
    jbdragonStrangeDaysiqatedolostkiwipscooter63magman1979
  • Reply 23 of 68
    StrangeDaysStrangeDays Posts: 12,844member
    gatorguy said:
    It doesn't have any impact whatsoever on 99.8% of users IMO. TBH there's almost certainly going to be those rare instances where an already illegal activity and being able to access that person's a data may actually save lives and property. Personally it would be nothing I'd have even a second's concern about. I'm also sure that there's that segment who has so little to worry about in their lives that they'll create a mountain of hand-wringing concern over it for lack of anything else.

    Most folks really do have far more important issues to deal with, things that personally affect their lives. This isn't one of them. 

    Just my 2 cents. 
    Keep the change. Saying "My life is boring what do I care?" is naïve and foolish. 
    lostkiwipscooter63randominternetpersonmagman1979
  • Reply 24 of 68
    jameskatt2jameskatt2 Posts: 720member
    aplnub said:
    Anyone know how Apple goes about figuring out the exploit in a case like this?
    Apple buys the Cellebrite device.  Figures out how it gets gets data from iOS devices, then develops a patch to close the exploit. 

    Apple could also require 8 digits passcodes to make brute force attempts much more difficult to do.
    llama
  • Reply 25 of 68
    acejax805acejax805 Posts: 109member
    Professional criminals, nice. 
    GeorgeBMacllamamagman1979
  • Reply 26 of 68
    gatorguy said:
    It doesn't have any impact whatsoever on 99.8% of users IMO. TBH there's almost certainly going to be those rare instances where an already illegal activity and being able to access that person's a data may actually save lives and property. Personally it would be nothing I'd have even a second's concern about. I'm also sure that there's that segment who has so little to worry about in their lives that they'll create a mountain of hand-wringing concern over it for lack of anything else.

    Most folks really do have far more important issues to deal with, things that personally affect their lives. This isn't one of them. 

    Just my 2 cents. 
    I have to agree with this statement. The chances of a non-VIP like 99.8% of IPhone users having his phone compromised by a Cellebrite hacking process is virtually zero. 
    You’re such a sheep. You’ve been brainwashed not to even care about you’re own privacy. Let me guess, you also believe don’t believe in the 2nd Amendment because it’s impossible for governments to get out of control and the police are there to protect you. 

    Just because politicians have convinced you that you don’t need privacy or individual liberty doesn’t mean the rest of us are going to believe that BS.

    I’m fine with this technology, but Apple should do anything and everything to make it null and void to protect its customers. 
    Hey now, I’m just saying that hacking is becoming more prevalent in our society, BUT I have a much greater chance of having my details hacked from a company that I’ve provided them to: i.e. Facebook, Yahoo, Equifax. Those databases are under constant probing, unlike my personal IPhone. Do you realize that that they need to have my physical handset to hack it with a Cellebrite machine; right?
    gatorguy
  • Reply 27 of 68
    roakeroake Posts: 809member
    gatorguy said:
    It doesn't have any impact whatsoever on 99.8% of users IMO. TBH there's almost certainly going to be those rare instances where an already illegal activity and being able to access that person's a data may actually save lives and property. Personally it would be nothing I'd have even a second's concern about. I'm also sure that there's that segment who has so little to worry about in their lives that they'll create a mountain of hand-wringing concern over it for lack of anything else.

    Most folks really do have far more important issues to deal with, things that personally affect their lives. This isn't one of them. 

    Just my 2 cents. 
    I have to agree with this statement. The chances of a non-VIP like 99.8% of IPhone users having his phone compromised by a Cellebrite hacking process is virtually zero. 
    Privacy is privacy.  Once we give it up, it’s gone forever.
    edited June 2019 pscooter63magman1979
  • Reply 28 of 68
    titantigertitantiger Posts: 300member
    MplsP said:
    gatorguy said:
    It doesn't have any impact whatsoever on 99.8% of users IMO. TBH there's almost certainly going to be those rare instances where an already illegal activity and being able to access that person's a data may actually save lives and property. Personally it would be nothing I'd have even a second's concern about. I'm also sure that there's that segment who has so little to worry about in their lives that they'll create a mountain of hand-wringing concern over it for lack of anything else.

    Most folks really do have far more important issues to deal with, things that personally affect their lives. This isn't one of them. 

    Just my 2 cents. 
    I have to agree with this statement. The chances of a non-VIP like 99.8% of IPhone users having his phone compromised by a Cellebrite hacking process is virtually zero. 
    You’re such a sheep. You’ve been brainwashed not to even care about you’re own privacy. Let me guess, you also believe don’t believe in the 2nd Amendment because it’s impossible for governments to get out of control and the police are there to protect you. 

    Just because politicians have convinced you that you don’t need privacy or individual liberty doesn’t mean the rest of us are going to believe that BS.

    I’m fine with this technology, but Apple should do anything and everything to make it null and void to protect its customers. 
    And you seem prone to hyperbole and slippery slopes. Issues like this are not black and white. The fact that one company [claims it] has figured out how to access locked devices doesn't suddenly mean that the sky has fallen and passcodes are useless on our phones. 

    The right to privacy is not absolute and there are very legitimate cases in which government agencies should have access to devices. People seem to have a hard time distinguishing the difference between that and no privacy whatsoever. The fact that I recognize this fact doesn't mean I don't care about privacy, rather it means I understand that there are no absolutes.

    @gatorguy is correct - this doesn't affect vast majority of people and the degree of consternation far exceeds that. My main concern is not that they can break the encryption. My concern is that in the past they have sold devices which are completely unlocked, meaning they can be used by anyone who gets their hands on the Requiring them to 'phone home' and get authorization before use would be far preferable. If a device gets lost, it could simply be deactivated and rendered useless.


    Again, you are ignoring the fact that Cellebrite's cracking tools were leaked and found for sale on the dark web for anyone to get use if they ponied up the money.  When things like this are available to criminals, then the incentive to steal devices goes up exponentially because instead of having an iCloud locked device they can't sell, they can crack it, wipe it and resell it easy as pie.  And that's assuming they don't extract the data first and build a huge database of user data to later comb through looking for passwords and such for identify theft.

    It is still the same as it was when this issue first came up:  there is no such thing as a backdoor you can make available only for "legitimate" purposes.  If it's there for the good guys, it's there for the bad guys too and it will be found by them.
    GeorgeBMacanantksundaramlostkiwipscooter63magman1979
  • Reply 29 of 68
    gatorguy said:
    It doesn't have any impact whatsoever on 99.8% of users IMO. TBH there's almost certainly going to be those rare instances where an already illegal activity and being able to access that person's a data may actually save lives and property. Personally it would be nothing I'd have even a second's concern about. I'm also sure that there's that segment who has so little to worry about in their lives that they'll create a mountain of hand-wringing concern over it for lack of anything else.

    Most folks really do have far more important issues to deal with, things that personally affect their lives. This isn't one of them. 

    Just my 2 cents. 
    I have to agree with this statement. The chances of a non-VIP like 99.8% of IPhone users having his phone compromised by a Cellebrite hacking process is virtually zero. 
    You’re such a sheep. You’ve been brainwashed not to even care about you’re own privacy. Let me guess, you also believe don’t believe in the 2nd Amendment because it’s impossible for governments to get out of control and the police are there to protect you. 

    Just because politicians have convinced you that you don’t need privacy or individual liberty doesn’t mean the rest of us are going to believe that BS.

    I’m fine with this technology, but Apple should do anything and everything to make it null and void to protect its customers. 
    For the government to become a tyranny, it would most likely have to have strong support amongst the police and the Army. Support amongst the populace would likely be divided, possibly in favour of that government, as it was in Nazi Germany. By the time the slow drip of tyranny becomes a torrent, the country you love will already be gone and you'll be turning your gun on yourself as the tanks roll over your home; save the last bullet for yourself.
    GeorgeBMacanantksundaram
  • Reply 30 of 68
    shrekshrek Posts: 8member
    Tool like this on open market “make stealing iPhones great again”
    GeorgeBMac
  • Reply 31 of 68
    GeorgeBMacGeorgeBMac Posts: 11,421member
    The world is filled with international criminal nations.   Israel is one of them*.

    Currently, we are told that the "bad guy" is China -- but I don't see them doing these things.  But, can you imagine the outrage if they did?

    (* That is not "anti-semitic".   I'm talking about the country, not the religion or its people.  But those defending the actions of this criminal nation tend to hide behind the "anti-semitic" thing.)
  • Reply 32 of 68
    GeorgeBMacGeorgeBMac Posts: 11,421member
    MplsP said:
    gatorguy said:
    It doesn't have any impact whatsoever on 99.8% of users IMO. TBH there's almost certainly going to be those rare instances where an already illegal activity and being able to access that person's a data may actually save lives and property. Personally it would be nothing I'd have even a second's concern about. I'm also sure that there's that segment who has so little to worry about in their lives that they'll create a mountain of hand-wringing concern over it for lack of anything else.

    Most folks really do have far more important issues to deal with, things that personally affect their lives. This isn't one of them. 

    Just my 2 cents. 
    I have to agree with this statement. The chances of a non-VIP like 99.8% of IPhone users having his phone compromised by a Cellebrite hacking process is virtually zero. 
    You’re such a sheep. You’ve been brainwashed not to even care about you’re own privacy. Let me guess, you also believe don’t believe in the 2nd Amendment because it’s impossible for governments to get out of control and the police are there to protect you. 

    Just because politicians have convinced you that you don’t need privacy or individual liberty doesn’t mean the rest of us are going to believe that BS.

    I’m fine with this technology, but Apple should do anything and everything to make it null and void to protect its customers. 
    And you seem prone to hyperbole and slippery slopes. Issues like this are not black and white. The fact that one company [claims it] has figured out how to access locked devices doesn't suddenly mean that the sky has fallen and passcodes are useless on our phones. 

    The right to privacy is not absolute and there are very legitimate cases in which government agencies should have access to devices. People seem to have a hard time distinguishing the difference between that and no privacy whatsoever. The fact that I recognize this fact doesn't mean I don't care about privacy, rather it means I understand that there are no absolutes.

    @gatorguy is correct - this doesn't affect vast majority of people and the degree of consternation far exceeds that. My main concern is not that they can break the encryption. My concern is that in the past they have sold devices which are completely unlocked, meaning they can be used by anyone who gets their hands on the Requiring them to 'phone home' and get authorization before use would be far preferable. If a device gets lost, it could simply be deactivated and rendered useless.


    Again, you are ignoring the fact that Cellebrite's cracking tools were leaked and found for sale on the dark web for anyone to get use if they ponied up the money.  When things like this are available to criminals, then the incentive to steal devices goes up exponentially because instead of having an iCloud locked device they can't sell, they can crack it, wipe it and resell it easy as pie.  And that's assuming they don't extract the data first and build a huge database of user data to later comb through looking for passwords and such for identify theft.

    It is still the same as it was when this issue first came up:  there is no such thing as a backdoor you can make available only for "legitimate" purposes.  If it's there for the good guys, it's there for the bad guys too and it will be found by them.
    But, ahhh, Gee Whiz!   They told us that their intention was strictly to do good and spread peace and harmony throughout the world.

    I'm so disapointed!
  • Reply 33 of 68
    Cellebrite's previous exploits used USB via Lightning cable to brute force the passcode (4-6 digit PIN).  Then Apple disabled USB access unless the user trusts it. Now they say they can get around that and they already got around the erase after 10 attempts restriction.  It would be possible for Apple to alter iOS 13 either during this beta cycle or with a dot release soon after.  Setting a very strong password instead of a 4-6 digit passcode is recommended.  I mean using 16-20 characters or more using upper/lower/numeric/symbols and not containing dictionary words. A really good password will cause brute force attacks to likely fail even for the fastest computers.  You can then use TouchID/FaceID most of the time.  You can also engage emergency mode and that will lock the device or turn it off/reboot it.  Going through US or Australian Customs you may be asked to unlock your devices.  The devices can be seized if you refuse and you may not get them back any time soon if ever.  So what's a savvy person to do? Well with an iPhone that is iCloud backed up using a strong iCloud password and multi-factor authentication.  Well, you wipe your iPhone and setup as new. Give it a simple PIN and perhaps text a few people, etc.  Don't login to iCloud.  Then hand it over and give them the passcode.  When you get it back, connect to wifi and restore your backup.  Yes, it is a pain in the arse but it may be necessary.  Otherwise do not travel with your laptop and smartphone.  Buy a burner.  Already do that when going to China, Russia, etc.  Just too risky.  

    It is obvious that Cellebrite will continue it's pursuit and may already have many zero day exploits in it's bag of tricks waiting to be implemented only one at a time as Apple closes the loopholes.  Their entire business model depends on it.  That is also why their products are so insanely expensive and have moved into a subscription model.  One day it will all stop working, they need the money for R&D which is not cheap.  

    You can thank Snowden for releasing the knowledge that pretty much all mobile phones and most computers were hackable by the NSA.  Once word got out all the manufacturers and operating system providers started patching the zero day exploits.  Not to say that ALL communications and transportation are not monitored already.  If not actual data being intercepted at the very least, metadata is being collected which is almost as valuable.  Traffic cameras, license plate readers, vehicle GPS, mobile device GPS, cellular tower connections, Internet backbones, international phone trunks, email, SMS, all digital financial transactions, etc., etc., etc.  You can go fully dark with technology and hide in the woods but then you are seen on satellite.  This is the world we live in.  Just make sure the bad guys don't abuse it. Already happening in China and Google is helping them build it.  Obama's admin opened up access to the NSA systems to multiple agencies to the point that FBI contractors were running queries and unmasking US Persons (normally redacted by the NSA).  All this is starting to be investigated because these tools were never allowed prior to 9/11.  The addition of the FISA courts was to get a warrant to allow spying on US Citizens on US soil.   Except, the NSA has been doing it for decades they just weren't allowed to use it directly.  They might know a spy was operating and they could track that person, etc.  But they would have to do something like make an anonymous tip to the FBI, etc.  But now, it's almost wide open and there is serious evidence it's been abused.  It will all hit the fan in the next year if there is any hope of actual justice in this world.

    You are only paranoid if they really are not out to get you.
    anantksundarambrian65plsknowitall
  • Reply 34 of 68
    gatorguy said:
    It doesn't have any impact whatsoever on 99.8% of users IMO. TBH there's almost certainly going to be those rare instances where an already illegal activity and being able to access that person's a data may actually save lives and property. Personally it would be nothing I'd have even a second's concern about. I'm also sure that there's that segment who has so little to worry about in their lives that they'll create a mountain of hand-wringing concern over it for lack of anything else.

    Most folks really do have far more important issues to deal with, things that personally affect their lives. This isn't one of them. 

    Just my 2 cents. 
    “First they came for the Communists
    And I did not speak out
    Because I was not a Communist
    ,,,”
    anantksundaramGeorgeBMacmagman1979muthuk_vanalingam
  • Reply 35 of 68
    roake said:
    gatorguy said:
    It doesn't have any impact whatsoever on 99.8% of users IMO. TBH there's almost certainly going to be those rare instances where an already illegal activity and being able to access that person's a data may actually save lives and property. Personally it would be nothing I'd have even a second's concern about. I'm also sure that there's that segment who has so little to worry about in their lives that they'll create a mountain of hand-wringing concern over it for lack of anything else.

    Most folks really do have far more important issues to deal with, things that personally affect their lives. This isn't one of them. 

    Just my 2 cents. 
    I have to agree with this statement. The chances of a non-VIP like 99.8% of IPhone users having his phone compromised by a Cellebrite hacking process is virtually zero. 
    Privacy is privacy.  Once we give it up, it’s gone forever.
    Exactly. Without privacy, there is no first (speech) or fifth amendment (no self-incrimination) right.

    Or second amendment right, for that matter. 
    pscooter63magman1979
  • Reply 36 of 68
    gatorguygatorguy Posts: 24,178member
    roake said:
    gatorguy said:
    It doesn't have any impact whatsoever on 99.8% of users IMO. TBH there's almost certainly going to be those rare instances where an already illegal activity and being able to access that person's a data may actually save lives and property. Personally it would be nothing I'd have even a second's concern about. I'm also sure that there's that segment who has so little to worry about in their lives that they'll create a mountain of hand-wringing concern over it for lack of anything else.

    Most folks really do have far more important issues to deal with, things that personally affect their lives. This isn't one of them. 

    Just my 2 cents. 
    I have to agree with this statement. The chances of a non-VIP like 99.8% of IPhone users having his phone compromised by a Cellebrite hacking process is virtually zero. 
    Privacy is privacy.  Once we give it up, it’s gone forever.
    Then you gave it up the day you got a credit card, opened a bank account, were hired by someone, or passed your driver exam. All of those are giving up more or your "personal privacy" than this purported Cellebrite hack ever could.

    IMO Cellebrite is a non-issue for 99.8% of users who will NEVER encounter them or their software.

    Here's an idea instead of faux hand-wringing on the mountain top:
    Take your umbrage over lost personal privacy and look into into what credit bureaus are allowed to collect, share, and outright sell. It's right in front of your face and effects nearly every one of you every single day. That's worth at least a few minutes of your time, certainly more than whether Cellebrite can access some suspect's/criminal's phone under certain and specific circumstances and likely for a very good reason. But you (not you specifically) probably won't because off-the-cuff reaction to some headline is easy. Understanding takes more effort. 
    edited June 2019 MplsP1STnTENDERBITSmuthuk_vanalingam
  • Reply 37 of 68
    So a few things.

    This is a SERVICE from Cellbrite, not simply a matter of buying one of their forensics devices - ie you have to send them the iOS device.

    They almost certainly have a boot loader exploit that allows booting to a custom SW image, that uses the device itself to brute force the passcode.

    That approach is going to be rate limited by the Secure Enclave. That means that long/complex passcodes will defeat it, and its really only ~6 digits that will be impacted.

    Now they can claim "any" without caveats like "only really works for standard length passcodes or shorter" or "you have to plug in our dongle within 30 minutes of the phone locking", and not technically be lying. (it really comes down to your interpretation of "any" vs "all".


    brian65pls
  • Reply 38 of 68
    Reading through the comments it is easy to tell who is pro-Google. The pro-Google people, one person in particular, will try to convince others they have already given up their privacy and shouldn’t worry about Cellibrite can do. Even when Cellibrite cannot protect itself from being hacked, people will be told by the pro-Google camp, you’ve already given up your privacy, you don’t have anything to worry about from Cellibrite hackers. Admit you care about your privacy and the pro-Google camp will relentlessly try to convince you you’re safe since you’ve already given up your privacy. 

    Carefully read ear through the comments again to notice the recurring “you’ve already given up your privacy” overture. I recommend you care about your privacy because it is your privacy. Ignore the loud few who want you to convince you’ve given up your privacy. If your privacy has already been lost the loud few wouldn’t be here trying to convince you there are other things to worry about. 
    anantksundaramadamclostkiwiGeorgeBMacbrian65plspscooter63magman1979
  • Reply 39 of 68
    anantksundaramanantksundaram Posts: 20,403member
    gatorguy said:
    roake said:
    gatorguy said:
    It doesn't have any impact whatsoever on 99.8% of users IMO. TBH there's almost certainly going to be those rare instances where an already illegal activity and being able to access that person's a data may actually save lives and property. Personally it would be nothing I'd have even a second's concern about. I'm also sure that there's that segment who has so little to worry about in their lives that they'll create a mountain of hand-wringing concern over it for lack of anything else.

    Most folks really do have far more important issues to deal with, things that personally affect their lives. This isn't one of them. 

    Just my 2 cents. 
    I have to agree with this statement. The chances of a non-VIP like 99.8% of IPhone users having his phone compromised by a Cellebrite hacking process is virtually zero. 
    Privacy is privacy.  Once we give it up, it’s gone forever.
    Then you gave it up the day you got a credit card, opened a bank account, were hired by someone, or passed your driver exam. All of those are giving up more or your "personal privacy" than this purported Cellebrite hack ever could.

    IMO Cellebrite is a non-issue for 99.8% of users who will NEVER encounter them or their software.

    Here's an idea instead of faux hand-wringing on the mountain top:
    Take your umbrage over lost personal privacy and look into into what credit bureaus are allowed to collect, share, and outright sell. It's right in front of your face and effects nearly every one of you every single day. That's worth at least a few minutes of your time, certainly more than whether Cellebrite can access some suspect's/criminal's phone under certain and specific circumstances and likely for a very good reason. But you (not you specifically) probably won't because off-the-cuff reaction to some headline is easy. Understanding takes more effort. 
    This is an incredibly specious argument. There is simply no comparison between your willingly giving up information in return for a convenience where you expect the powers-that-be who handle that information to be careful and circumspect, with a situation in which the information is unwillingly, inconveniently given up with no expectation of privacy to follow.

    Moreover, a hack of a credit card company or a DMV does not result in your giving up your personal thoughts, personal (e.g., family, workplace) communication, privileged communications (e.g., with a doctor or a lawyer), your contacts, your calendar, your company's secrets or plans... the list is long.

    GG, shame on you for such dissembling nonsense.
    edited June 2019 lostkiwiGeorgeBMacmacxpresspscooter63randominternetpersonmagman1979
  • Reply 40 of 68
    robin huberrobin huber Posts: 3,949member
    You’d think Israelis of all people would not be pushing a device that enables totalitarian governments and their agencies to identify dissidents and “undesirables.”
    anantksundaram
Sign In or Register to comment.