Israeli Tech Company Says It Can Crack Any Apple Smartphone

from the thus-endeth-the-going-dark-conversation dept

Could this be the answer to FBI Director Chris Wray’s call for broken device encryption?

In what appears to be a major breakthrough for law enforcement, and a possible privacy problem for Apple customers, a major U.S. government contractor claims to have found a way to unlock pretty much every iPhone on the market.

Cellebrite, a Petah Tikva, Israel-based vendor that’s become the U.S. government’s company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11. That includes the iPhone X, a model that Forbes has learned was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.

Big, if true, but not exactly the answer Wray, and others like him, are seeking. Cellebrite claims it can crack any Apple device, including Apple’s latest iPhone. This is a boon for law enforcement, as long as they have the money to spend on it and the time to send the device to Cellebrite to crack it.

It won’t scale because it can’t. The FBI claims it has thousands of locked devices — not all of them Apple products — and no one from Cellebrite is promising fast turnaround times. Even if it was low-cost and relatively scalable, it’s unlikely to keep Wray from pushing for a government mandate. Whatever flaw in the architecture is being exploited by Cellebrite is likely to be patched up by Apple as soon as it can figure out the company’s attack vector. And, ultimately, the fact that it doesn’t scale isn’t something to worry about (though the FBI doubtless will). No one said investigating criminal activity was supposed to easy and, in fact, a handful of Constitutional amendments are in place to slow law enforcement’s roll to prevent the steamrolling of US citizens.

Cellebrite’s service apparently disables lockscreen protection, allowing the company to root around in the phone’s innards to pull out whatever law enforcement is seeking. This also apparently works with Android devices, although that news is far less surprising than discovering Apple’s security measures have been defeated. Default encryption isn’t an option for all Android devices and that operating system is generally considered to be the a pile of vulnerabilities d/b/a consumer software.

While this won’t end calls for weakened encryption, it does at least give law enforcement agencies another option to deploy against locked devices. But I don’t expect it to change the rhetoric. Those calling for “responsible encryption” don’t really want private sector solutions, no matter how much they claim to want to hold a “conversation” about lawful access. They want tech company subservience. They want the government — via judicial, executive, or legislative branch — to put companies in their place. In their opinion, tech companies have been getting uppity and forgetting the private sector exists to serve the government. It’s not just a Chris Wray problem. Plenty of government officials feel the same way. But the complaints about “going dark” are going to ring that much hollower when solutions are being offered by private companies other than the ones the FBI is just dying to smack around.

Filed Under: , , , , ,
Companies: apple, cellebrite

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Israeli Tech Company Says It Can Crack Any Apple Smartphone”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Default encryption isn’t an option for all Android devices and that operating system is generally considered to be the a pile of vulnerabilities d/b/a consumer software.

I don’t want to start a fanboy war here or anything, but isn’t Apple the company that has been releasing software that grants you root access by doing mundane things like using the password "root" or sometimes no password at all. Apple had to take some time off developing features for iOS 12 so they could plug up all their mistakes from 11.

Also, if you’re going to criticize something, probably helps to not call it "the a pile of vulnerabilities."

Anonymous Coward says:

Re: Re:

When he said "vulnerabilities" I think he was referring about things that let other people into you phone, not things that that let you into your own phone. Th help you understand, by analogy, I don’t consider being to access the screws on my front door lock from the inside to be a "vulnerability". If the screws were on the outside that would be a vulnerability.

Machin Shin says:

Re: Re:

Sad thing is you get to choose between Apple’s walled garden, closed source world or googles more open world, that is a data vacuum trying to suck up little scrap of information about you it can grab.

Neither one is a good option.

Apples security through obscurity, closed source system seems to be more secure. That though doesn’t really seem to be saying a whole lot.

Android is open so people can inspect it and try to harden it, but having real security is 100% against google’s best interest. They want to spy on you, so making your phone super secure is not good for them.

I am currently holding out hope that maybe this phone being built by purism will turn out good. I sadly am expecting it to come out and at least here in the USA I bet the wireless carriers are going to fight me when I try and put it on their network.

David says:

"It won't scale because it can't."

The Fourth Amendment does not want the search of personal assets to scale. That’s why there is a specific warrant requirement.

“Responsible encryption” however is the attempt to make the physical execution of the search scale to enable routine warrantless general surveillance: once the surveillance as such is hard to observe, it would be naive to assume that law enforcement would bother a whole lot with the unscalable specific warrant requirement.

“Safety of one’s assets against unreasonable search by agents of the government” is exactly what this attempts to abolish.

Anonymous Coward says:

Re: 4th

yup. But from the practical police/government perspective … court warrants are only necessary if you intend to use the evidence gained in a court proceeding — otherwise you can do all the secret searches and surveillance you want and the judiciary will never notice.


web gossip on this Apple stuff is that the Israeli company hired some former Apple engineers to crack the iPhone. Also, that the iPhone encryption was not cracked — but rather the software routine that limits password-entry attempts; this permits brute force attacks on iPhones having weak passwords. Extended physical access to the iPhone is required.

DannyB (profile) says:

Re: Responsible Warrants

Responsible Warrants can do for real world searches and seizures what Responsible Encryption does for the digital world.

A judge grants a “Responsible Warrant” that is very specific in defining the bounds and parameters which limit the scope of the search. Namely, you are allowed to search anything, on anyone, anywhere, at any time without any supervision whatsoever.

Based on watching the last 20 years of history, I will go ahead and predict that Responsible Warrants are comming soon to a regime near you!

Anonymous Coward says:

Re: "It won't scale because it can't."

That’s a rather bold statement, given that we don’t know the nature of the attack.

If I were the one carrying it out, I would specifically look for a scalable approach — and of course, I’d look for one that Apple would have difficulty defending against.

(imagine a 40 minute pause between that paragraph and this one)

I can think of one. It’ll work at scale. It’s relatively cheap. The biggest downside is that it would be known to too many people and thus would likely be detected. More thought clearly required.

JoeCool (profile) says:

Re: Re: "It won't scale because it can't."

That’s a rather bold statement, given that we don’t know the nature of the attack.

Except that if it did scale, the would have been crowing about that in order to get bulk sales from groups like the NSA and FBI. That they didn’t is a good indicator that it’s difficult and takes too much time and effort to scale well.

Anonymous Coward says:

I wish IBM would make a phone architecture similar to the PC. Just give us some decent hardware and some documentation for it and we’ll deal with installing and securing the O/S.

This is what I don’t like about smartphones. You can’t audit or change any of the core, critical software that handles your security. Sure, there are alternate OSes like LineageOS but you need a compatible phone and you risk voiding the warranty in the process despite doing nothing at all to the hardware itself.

Anonymous Coward says:

Re: Re:

Sure, there are alternate OSes like LineageOS but you need a compatible phone and you risk voiding the warranty in the process

Requiring people to use manufacturer-approved OSes only, as a condition of warranty, is
illegal in the USA: "Warrantors cannot require that only branded parts be used with the product in order to retain the warranty."

I wish IBM would make a phone architecture similar to the PC. … but you need a compatible phone

IBM couldn’t solve that problem. You’d still need a compatible phone.

Anonymous Coward says:

Re: Re: Re:

Requiring people to use manufacturer-approved OSes only, as a condition of warranty, is illegal in the USA:

Umm, no. That applies to branding, not modifications. Please educate yourself on the differences between full and limited warranties and the exclusions associated with product modifications.

PaulT (profile) says:

Re: Re: Re:

“Requiring people to use manufacturer-approved OSes only, as a condition of warranty”

I think you’re confused about what that actually means, both with regard to software as a whole and to do with hardware. It’s saying that they can’t force you to use a part with specific branding, not that they have to retain warranty if you change a part for something completely different. They’re saying that they have to retain warranty if you use an off-brand oil filter, not that they have to support you if you swap the engine out for something else.

Unless they operate completely differently in the US, in my experience most suppliers of phones and PCs will ask you to do a factory reset if they feel it’s necessary to determine a hardware fault (with good reason – the vast majority of computer problems are caused by the crap people install after getting it home). They may not support the supplied OS if it’s been modified too much, why would they support and OS with which they have no experience or support agreements?

“IBM couldn’t solve that problem. You’d still need a compatible phone.”

Indeed. Quite apart from the strangeness of the idea that IBM would be the desired manufacturer in this day and age, if he’s referring to the original PC design as he seems to be – there is a reason competitors used to be referred to as “IBM compatible PCs”. Many others were available, IBM just happened to be the ones with popularity and relative ease of copying through standard off the shelf components.

Plus, he should learn some history, IBM would have happily monopolised the PC market had Compaq and others not managed to legally reverse engineer the BIOS. The spread of the PC was originally because it was easily copied once the BIOS was imitated, not because IBM intended to create something that lots of people could imitate.

profssrfink says:

took them long enough

I think it speaks to the great lengths Apple has gone through to secure their OS and device. Apple understood the inherent vulnerability of a device that lives in the open. Phones developed before iPhones weren’t really considered secure, nor had access to millions of third party apps/internet. Their walled garden is quite an accomplishment. To those wishing they could break open an iPhone and use the hardware but control the software; you aren’t grounded to reality. You complain about Apple not allowing you into their phone. But there are plenty of vendors that allow this, just not with Apple hardware. So don’t complain. Unless that is, you actually just want the Apple hardware.

Apple does almost all of its encryption on device. Think of the millions of dollars needed to research and develop a crack for Apple’s device up until this point. The value of their ecosystem is that the two (software and hardware) are inextricably tied to each other. And yes, I hope Apple finds out what this vulnerability is a patches it. Im sure they will like every other time. But I wouldn’t trade what I have with their system for anything else out there. The fact that so many people are working so hard to crack Apple’s system means they did and are doing something very right. Keep it up.

Anonymous Coward says:

Re: took them long enough

That is IF this is even true and they can hack into any iPhone. Maybe it’s true, maybe it’s not. They’re spending a bundle figuring out how to go about it. Which means it’s still secure from most everyone, other than BIg Government with money to spend to break into the phones. They can’t just mass break into iPhones. It’s going to cost them for each phone they get into.

For everyone else, the phone is secure from most criminals. At some point, Apple will figure out what is going on and fix it. It is a cat and mouse game. At least it’s not wide open. Which is how a lot of Android phones still are. Encryption may not be turned on as it can slow the phone down quite a bit.

Looking at a phone after the fact doesn’t really stop anything. The Terrorists are already dead or at least did their bombing and killing. The police can’t seem to do any real work.

PaulT (profile) says:

Re: Old news is soo exciting

  1. This still isn’t a primary news source. The age of something being commented upon is irrelevant.

    2. There’s a difference between unconfirmed rumours and confirmation from a specific source stating that they are claiming that they can do this publicly. The latter is what’s being talked about here.

    3. If you’re going to mock people for not knowing what you know, at least have the common courtesy to include the link to your evidence, you just look like a dick otherwise.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...