As The DOJ Continues To Complain About Encryption, Cellebrite (Again) Announces It Can Crack Any IPhone

from the do-y'all-not-get-the-internet? dept

On Monday, June 17, Deputy Attorney General Jeffrey Rosen said this during his speech to the National Sheriffs’ Association:

In recent years, criminals have become more and more adept at using technology to avoid law enforcement in what we call “going dark.” While “going dark” has many manifestations, some of its greatest impacts are in the areas of encryption, in assuring the security of information. But, as you well know, encryption also allows criminals to frustrate law enforcement’s access to evidence — even where a neutral judge has found probable cause and ordered that we have access to that evidence.

I guess the “going dark” crowd doesn’t get out much.

On Friday afternoon, the Israeli forensics firm and law enforcement contractor Cellebrite publicly announced a new version of its product known as a Universal Forensic Extraction Device or UFED, one that it’s calling UFED Premium. In marketing that update, it says that the tool can now unlock any iOS device cops can lay their hands on, including those running iOS 12.3, released just a month ago. Cellebrite claims UFED Premium can extract files from many recent Android phones as well, including the Samsung Galaxy S9. No other law enforcement contractor has made such broad claims about a single product, at least not publicly.

It was announced very publicly. This wasn’t a press release sent only to government agencies or the byproduct of leaked internal documents. It was announced on the company’s Twitter account, letting everyone know Cellebrite is apparently beating almost every device maker at their own encryption game. Like GrayKey’s offering, Cellebrite’s updated encryption-breaker is hardware that can be used on site by purchasers, allowing law enforcement agencies to perform their own cracking and extraction.

Sure, the flaws used to bypass device security will be patched, and Cellebrite and its competitors will keep digging around in device hardware/software to find holes to exploit. The security vs. insecurity war will continue. But for all the weak arguments made by the head of the FBI — especially the ones about Apple, etc. “profiting” from locking out law enforcement — it would seem companies like Cellebrite are more likely to directly profit from device encryption. Encryption on phones is a standard offering, not a selling point. Tools that break encryption? Now, that’s where the real money is.

Cellebrite, along with companies like GrayKey, are providing the solutions the FBI and DOJ think device manufacturers should be creating for them. We don’t hear much from FBI officials about third party offerings because this agency would prefer a permanent fix delivered by Congress and the courts, rather than spend any of their own money and time trying to find a solution. The FBI has been misleading and dishonest for the entirety of its “going dark” campaign, all the while claiming tech companies would willingly give the FBI what it wants — encryption backdoors — if they would just engage in an “honest” conversation about the issue.

Filed Under: , , , , ,
Companies: apple, cellebrite

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “As The DOJ Continues To Complain About Encryption, Cellebrite (Again) Announces It Can Crack Any IPhone”

Subscribe: RSS Leave a comment
Anonymous Coward says:

All that being said, I think that Cellebrite’s claims have a number of asterisks attached. I don’t think their methods will unlock all phones, just phones that use the default configuration, on all OS versions and hardware versions.

My phone has debug and multimedia communications locked out by default and is protected by a 13+ alphanumeric password. They’re not getting in via the communications port, they’re not getting in via 6-digit password attacks, they’re not getting in via facial recognition or fingerprint hash faking.

So unless they’ve found some side channel technique that doesn’t depend on one of those methods, they’re not getting into my phone. Not that it matters; there’s nothing there worth getting into. I just don’t believe in making it easy for people trying to access other people’s PII without permission.

James Burkhardt (profile) says:

FBI: Apple has such strong encryption the USA can not break it.

Cellbrite: We broke it.

Apple: We have securely encrypted your private data to the best of our ability, able to block the US government’s best hackers and still bad actors are capable of breaking into your phone. People want to hold us accountable for data breaches. Why the FUCK should we install an intentional hole in our security?

I think John Oliver’s encryption ad says it even better.

Anonymous Coward says:

Re: The software has been available online for over a year

You can still find it on file sharing services.

Maybe you should read the fucking article you idiot (and liar)… Here let me help you:

Cellebrite’s updated encryption-breaker is hardware that can be used on site by purchasers,

How can a hardware device be found on file sharing services? Do you not know the difference between hardware and software? Let me help you again:


Now be a good little idiot and go read those two articles and when you are more informed, then you can come back and maybe have a conversation with the grown-ups.

Anonymous Coward says:

Re: Re: The software has been available online for over a year

How can a hardware device be found on file sharing services?

I don’t know whether the statement is true, but a lot of devices sold as "hardware" are general-purpose machines that do all the interesting stuff in software ("firmware"). A journalist or the company calling it hardware doesn’t mean much.

Anonymous Coward says:

Re: Re: The software has been available online for over a year

I think things are a little backward. it’s been Android that’s been quite easy to break into. It used to be most of the time encryption wasn’t even turned on as it showed the phones down to much. These days that’s no the norm anyway, but security is still quite weak with Android.

Have you ever heard of the FBI complaining about not breaking into Android phones? NO!!! It’s always iPhones. As for Cerllebrite saying they can get into any iPhone. I find that hard to believe. Maybe a large percentage as so many people use pretty weak passcodes. It is a cat and mouse game. Maybe as some point after finding a new hole they can finally get into that iPhone, even though there has since been a iOS update to fix it. That phone they’ve held onto doesn’t have that new iOS version. SO they finally crack it.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...