Data Extraction Company Cellebrite Advertising New Software for Cracking Devices Running iOS 11

[usarioclave]

What I think is amusing is that I trust cellebrite more than I trust governments, because I believe that cellebrite is more motivated in keeping their stuff a secret...the last hack notwithstanding.

 

[diipii]

So many hand-bag clutchers on here should remember that gadgets like this are designed to move cash from your pocket and into Apple's. All the hype, poop and silliness is there to make you feel OK while this process happens. And the security of our nations and loved ones is not less important.

 

[efp722]

I understand what you're saying. But if the contents of your phone are that important... maybe the phone isn't the best place to store it.

Besides... if your phone is being cracked by Cellebrite... you've already lost possession of the phone, right?

You're either in jail while a warrant is issued... or you're dead.

If you're so worried about your data being accessed... perhaps there should be a dead-man's switch where you have to login every 24 hours or else the phone will be automatically wiped.

Not necessarily true. Back when I worked in the wireless industry, most stores used cellebrite machines to copy contact data from phone to phone. Kind of pointless now since most people are using gmail or icloud of contact storage, but still, I'm sure some people don't and most stores still use them in some way.

 

[mentaluproar]

And the security of our nations and loved ones is not less important.

An invasion of the privacy of citizens does not improve security. It weakens it.

 

[LizKat]

If you're so worried about your data being accessed... perhaps there should be a dead-man's switch where you have to login every 24 hours or else the phone will be automatically wiped.

Not necessarily true. Back when I worked in the wireless industry, most stores used cellebrite machines to copy contact data from phone to phone. Kind of pointless now since most people are using gmail or icloud of contact storage, but still, I'm sure some people don't and most stores still use them in some way.

First of all @Michael Scrip's remark quoted above made me laugh out loud and almost spill my tea. It's not that I disagree with him, though. It's that I live in a dead zone and tend to use an iPad on the net if not using a laptop, so on the odd occasion, my iPhone can sit around powered down for a week!

As for stores using some form of cellebrite software to copy contacts from a customer's old phone to his new one, I was not aware of that. My earlier point though about having to have the phone in hand still does seem valid... although I do wonder about that sometimes. Cellebrite itself I think has said that it requires the phone be provided to them so they can keep their "secret sauce" iOS cracking software in hand. It's not entirely clear that they can't access a phone remotely, but somehow it seems to me it would be pretty difficult to get a remote iPhone's current iOS to "hold still" while its functions get jacked.

 

[AZ63]

Wow, this is not good news for Apple, or Apple's customers

The Dark Lord will not be happy.
[doublepost=1519759412][/doublepost]

If it can be built it can be broken

Hey, that's what my 5 year old says.
[doublepost=1519759725][/doublepost]

Unless you're dead, can't you just wipe your phone remotely long before they get into it?

Not if is turned off or there is no network available. Stop the signal from reaching the phone and it can't be wiped.

 

[fmalloy]

Apple should just buy Cellebrite for the heck of it, figure out what exploit they are using, patch it, and close down the company. I know things don't work out this way but sure it would be nice!

Yep. The working MO of the 900lb. gorilla.

 

[Michael Scrip]

Not necessarily true. Back when I worked in the wireless industry, most stores used cellebrite machines to copy contact data from phone to phone. Kind of pointless now since most people are using gmail or icloud of contact storage, but still, I'm sure some people don't and most stores still use them in some way.

The Cellebrite machines that hook together two flip-phones to transfer contacts are different than the solutions used to crack iOS encryption.

Yes... Cellebrite has been around for a long time. But per this article... they've got something new to crack iOS devices.

 

[BugeyeSTI]

They are disabling the counter for guesses and the waiting period after ten tries so they can generate passcodes unlimited times. I would think any criminal or terrorist would choose a long alphanumeric passcorde to secure their phone. A 10 digit alphanumeric code would take Cellebrite so long to break that no one in that company would be alive to actually collect the data. If you have a 4 digit or weak passcode then they get in easily. Sooner or later Cellebrite will get a device that has a passcode that will take too long to crack. Besides, if they want to spend a million dollars a pop to get into phones, have at it. They’ll only use it for the most critical cases at that price.

 

[decafjava]

They are disabling the counter for guesses and the waiting period after ten tries so they can generate passcodes unlimited times. I would think any criminal or terrorist would choose a long alphanumeric passcorde to secure their phone. A 10 digit alphanumeric code would take Cellebrite so long to break that no one in that company would be alive to actually collect the data. If you have a 4 digit or weak passcode then they get in easily. Sooner or later Cellebrite will get a device that has a passcode that will take too long to crack. Besides, if they want to spend a million dollars a pop to get into phones, have at it. They’ll only use it for the most critical cases at that price.

I was just about to post this, here is an article on the issue which goes some way to debunking it.

https://arstechnica.com/information...can-unlock-any-iphone-for-some-values-of-any/

 

[You are the One]

Well, it's marketing material. It's also very un-specified as to what conditions need to be met in order for their process to function. Their customers will find that out as they inquire further. And you don't want to let ordinary people in on how to make their process not work, it's business remember.

Brute forcing 4-6 characters is quite plausible as @BugeyeSTI explains, Cellebrite "owning" the security architecture and controls to a degree they get in "regardless", not so much.

 

[decafjava]

They are disabling the counter for guesses and the waiting period after ten tries so they can generate passcodes unlimited times. I would think any criminal or terrorist would choose a long alphanumeric passcorde to secure their phone. A 10 digit alphanumeric code would take Cellebrite so long to break that no one in that company would be alive to actually collect the data. If you have a 4 digit or weak passcode then they get in easily. Sooner or later Cellebrite will get a device that has a passcode that will take too long to crack. Besides, if they want to spend a million dollars a pop to get into phones, have at it. They’ll only use it for the most critical cases at that price.

Not only, I think it would behoove ordinary folks to do the same.

 

[Tech198]

What I think is amusing is that I trust cellebrite more than I trust governments, because I believe that cellebrite is more motivated in keeping their stuff a secret...the last hack notwithstanding.

It's tough to keep secrets and be public figure... Ever tried that? It's next to impossible...

Even Apple has trouble, and they are up high on the list with privacy.

Your braver than me then,,, I don't trust any public company 100%