Data Extraction Company Cellebrite Advertising New Software for Cracking Devices Running iOS 11

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, Feb 26, 2018.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Israel-based software developer Cellebrite, known for breaking into mobile devices like the iPhone to obtain sensitive data, recently began informing customers that it can circumvent the security of iOS devices running iOS 11, reports Forbes.

    With a way to break into iPhones running iOS 11, Cellebrite can potentially crack most of the iPhones available on the market. According to Forbes, the Department for Homeland Security was able to obtain data from an iPhone X in an arms-trafficking case in November, probably using Cellebrite technology to do so.

    [​IMG]

    A warrant found by Forbes suggests an iPhone X was sent to Cellebrite on November 20, with data successfully extracted on December 5. Based on the warrant, it's not clear how data was obtained, but given the time gap, it's unlikely Face ID was used.

    Cellebrite has not publicly announced or shared details on its ability to break into devices running iOS 11, but as noted by Forbes, the company's documentation [PDF] on what it can access now includes iPhones and iPads running iOS 11. Sources that spoke to Forbes have also confirmed the company is marketing its iOS 11 cracking techniques to law enforcement agencies around the world.
    Apple continually introduces improvements to the security of its operating systems in order to keep ahead of companies like Cellebrite that are always searching for flaws and vulnerabilities to exploit in order to access the data on locked iOS devices.

    In iOS 11, for example, Apple began requiring an iPhone's passcode to establish trust with a computer, a change from earlier versions of iOS that also would authenticate a connection via Touch ID. Apple also added a secret biometric disabling mechanism to its SOS feature, which shuts down Touch ID or Face ID and requires a password when the SOS screen is triggered by pressing on the Sleep/Wake or Side button five times in rapid succession.

    Still, even as Apple works to increase the security of its iOS devices, companies like Cellebrite work to find new ways to crack iOS devices and then sell their services to governments and other entities. Cellebrite also offers software that customers can purchase, but its most sensitive and secret tools, such as its method for unlocking devices running iOS 11, is not included to prevent Apple from finding and patching whatever vulnerability is being exploited.

    Instead, Cellebrite requires law enforcement to send locked devices to their labs to keep techniques secret.

    Cellebrite first garnered significant attention in 2016, when it was believed the company was enlisted to help the FBI break into the iPhone 5c of San Bernardino shooter Syed Farook after Apple refused to provide the FBI with tools to unlock the device.

    The FBI did not use Cellebrite's services for that particular case, but several United States government agencies do regularly work with Cellebrite to unlock iOS devices.

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

    Article Link: Data Extraction Company Cellebrite Advertising New Software for Cracking Devices Running iOS 11
     
  2. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #2
    Wow, this is not good news for Apple, or Apple's customers
     
  3. skinned66 macrumors 65816

    skinned66

    Joined:
    Feb 11, 2011
    Location:
    Ottawa, Canada
    #3
    In before someone says if you're not criminal you have nothing to worry about.
     
  4. mistasopz macrumors 6502

    Joined:
    Apr 14, 2006
    #4
    So much for doubling down on security there Timmy.
     
  5. lowendlinux Contributor

    lowendlinux

    Joined:
    Sep 24, 2014
    Location:
    North Country (way upstate NY)
  6. iapplelove macrumors 601

    iapplelove

    Joined:
    Nov 22, 2011
    Location:
    East Coast USA
    #6
    It’s the Internet. Name me one thing that’s completely safe and secure?
     
  7. Saipher macrumors demi-god

    Saipher

    Joined:
    Oct 25, 2014
    Location:
    CA
    #7
    Apple should just buy Cellebrite for the heck of it, figure out what exploit they are using, patch it, and close down the company. I know things don't work out this way but sure it would be nice!
     
  8. LizKat macrumors 601

    LizKat

    Joined:
    Aug 5, 2004
    Location:
    Catskill Mountains
    #8
    It presumably requires having the phone in hand. Certainly seems less dire than the government managing to persuade software makers to build in backdoors bound to be taken up by hackers.
     
  9. Glmnet1 macrumors 6502a

    Joined:
    Oct 21, 2017
    #9
    Unless you're dead, can't you just wipe your phone remotely long before they get into it?
     
  10. citysnaps macrumors 601

    Joined:
    Oct 10, 2011
    Location:
    San Francisco
    #10
    Tell me about the circumstances where this would affect you personally.
     
  11. Michael Scrip, Feb 26, 2018
    Last edited: Feb 26, 2018

    Michael Scrip macrumors 603

    Joined:
    Mar 4, 2011
    Location:
    NC
    #11
    I understand what you're saying. But if the contents of your phone are that important... maybe the phone isn't the best place to store it.

    Besides... if your phone is being cracked by Cellebrite... you've already lost possession of the phone, right?

    You're either in jail while a warrant is issued... or you're dead.

    If you're so worried about your data being accessed... perhaps there should be a dead-man's switch where you have to login every 24 hours or else the phone will be automatically wiped.
     
  12. v0lume4 macrumors 68000

    v0lume4

    Joined:
    Jul 28, 2012
    #12
    There will always be a way to crack software. Always and forever. The trick is staying just one step ahead of the ones trying.

    Although I have to admit... that was fast. :eek: That was right after the launch of the X.
     
  13. bbrks macrumors 65816

    bbrks

    Joined:
    Dec 17, 2013
    #13
    I have no intention of becoming a criminal.....so I guess I am safe :)
     
  14. I7guy macrumors Core

    I7guy

    Joined:
    Nov 30, 2013
    Location:
    Gotta be in it to win it
    #14
    Yep, and then it can be rebuilt.
     
  15. Pbrutto macrumors 6502a

    Pbrutto

    Joined:
    Apr 21, 2015
    Location:
    Eastern PA
    #15
    Not if your in custody
     
  16. 78Bandit macrumors 6502a

    78Bandit

    Joined:
    Jun 13, 2009
    #16
    At this point I think Celebrite has a mole in Apple's OS development department.
     
  17. citysnaps macrumors 601

    Joined:
    Oct 10, 2011
    Location:
    San Francisco
    #17
    And that’s a good thing!
     
  18. longofest Editor emeritus

    longofest

    Joined:
    Jul 10, 2003
    Location:
    Falls Church, VA
    #18
    Then someone else will pop up in cellebrite's place. as someone else noted, if it can be built, it can be broken.

    This honestly doesn't worry me too much. It appears as though the level of security is still such that a government is not able to perform mass surveillance without warrants. What Cellebrite has created is an ability for governments to be able to prioritize their most sensitive cases and be able to push them forward. The only thing that gives me chills about it is the ability for authoritarian governments to kill off dissent, but then again, I wonder why they'd bother paying the fee.
     
  19. deanthedev Suspended

    deanthedev

    Joined:
    Sep 29, 2017
    Location:
    Vancouver
    #19
    Nonsense. How exactly is this bad news for me? Am I going to have my phone hacked into by Cellebrite or someone else? No and no.


    On a side note I found this interesting: “Instead, Cellebrite requires law enforcement to send locked devices to their labs to keep techniques secret.”

    How does this factor in with chain of custody for evidence? How can you verify the data came from the customers device without being allowed to see how it was accessed? IIRC there was an issue with this in another case where the FBI dropped charges because they didn’t want to give up how they got the data. It was a child porn case as I recall.
     
  20. daveak macrumors 6502

    Joined:
    Jun 28, 2009
    Location:
    Durham, UK
    #20
    Intent is not required citizen, only obedience.
     
  21. OldSchoolMacGuy Suspended

    OldSchoolMacGuy

    Joined:
    Jul 10, 2008
    #21
    Cellebrite is behind the other leaders. It's already been offered from others for some time. Cellebrite is just the most public about it. The others understand that it doesn't really benefit them to make it public. The general public isn't their potential clients, so there's no advantage to making it known to them. All it does is put more pressure on Apple to make changes that may make their jobs harder.
     
  22. centauratlas macrumors 65816

    centauratlas

    Joined:
    Jan 29, 2003
    Location:
    Florida
    #22
    Yeah, because (a) you KNOW that Cellebrite only sells to law enforcement (and law enforcement of a 'reputable' country, whatever that is), (b) Cellebrite has perfect security on their network and employees, and (c) no one else knows of the flaw.

    If you read the book "Three Felonies A Day" you will know that given the subjective and voluminous number of laws on the books in the US (not to mention the number of laws around the world) the average person commits three felonies PER DAY. Even if that is off by a factor of 1000 (which seems unlikely) that is still > 1 per year. So whatever your "intention" is, is pretty much irrelevant.

    Whether you are an Obama fan or a Trump fan or someone else fan, if you aren't concerned about the "other side" having this power in their hands, you should be.
     
  23. Radon87000 macrumors 604

    Joined:
    Nov 29, 2013
    #23
    Only to be cracked again.
     
  24. polterbyte macrumors 6502

    polterbyte

    Joined:
    Sep 24, 2012
    Location:
    Brazil
    #24
    Cellebrite must be charging a pretty penny for each phone it unlocks, and they seem to operate above board. For this I believe they are not the problem. The problem comes from the fact that by doing it so openly, they advertise it can be done, which, I believe, must make several thousand hackers around the world eager to duplicate the feat.
     
  25. OldSchoolMacGuy Suspended

    OldSchoolMacGuy

    Joined:
    Jul 10, 2008
    #25
    They aren't exploiting a thing. Just using the normal functions of iOS. This is why Apple doesn't patch this, as there's nothing wrong to patch. In the same way iTunes reads your iPhone and displays the content, forensic software does the same and allows indexing and analysis of the content.

    I've worked with Apple to sell this software to government around the world. They benefit from it. They aren't looking to secure things as nothing has been exploited.
     

Share This Page

112 February 26, 2018