Israeli Tech Company Says It Can Crack Any Apple Smartphone

from the thus-endeth-the-going-dark-conversation dept

Could this be the answer to FBI Director Chris Wray's call for broken device encryption?

In what appears to be a major breakthrough for law enforcement, and a possible privacy problem for Apple customers, a major U.S. government contractor claims to have found a way to unlock pretty much every iPhone on the market.

Cellebrite, a Petah Tikva, Israel-based vendor that's become the U.S. government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11. That includes the iPhone X, a model that Forbes has learned was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.

Big, if true, but not exactly the answer Wray, and others like him, are seeking. Cellebrite claims it can crack any Apple device, including Apple's latest iPhone. This is a boon for law enforcement, as long as they have the money to spend on it and the time to send the device to Cellebrite to crack it.

It won't scale because it can't. The FBI claims it has thousands of locked devices -- not all of them Apple products -- and no one from Cellebrite is promising fast turnaround times. Even if it was low-cost and relatively scalable, it's unlikely to keep Wray from pushing for a government mandate. Whatever flaw in the architecture is being exploited by Cellebrite is likely to be patched up by Apple as soon as it can figure out the company's attack vector. And, ultimately, the fact that it doesn't scale isn't something to worry about (though the FBI doubtless will). No one said investigating criminal activity was supposed to easy and, in fact, a handful of Constitutional amendments are in place to slow law enforcement's roll to prevent the steamrolling of US citizens.

Cellebrite's service apparently disables lockscreen protection, allowing the company to root around in the phone's innards to pull out whatever law enforcement is seeking. This also apparently works with Android devices, although that news is far less surprising than discovering Apple's security measures have been defeated. Default encryption isn't an option for all Android devices and that operating system is generally considered to be the a pile of vulnerabilities d/b/a consumer software.

While this won't end calls for weakened encryption, it does at least give law enforcement agencies another option to deploy against locked devices. But I don't expect it to change the rhetoric. Those calling for "responsible encryption" don't really want private sector solutions, no matter how much they claim to want to hold a "conversation" about lawful access. They want tech company subservience. They want the government -- via judicial, executive, or legislative branch -- to put companies in their place. In their opinion, tech companies have been getting uppity and forgetting the private sector exists to serve the government. It's not just a Chris Wray problem. Plenty of government officials feel the same way. But the complaints about "going dark" are going to ring that much hollower when solutions are being offered by private companies other than the ones the FBI is just dying to smack around.


Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 28 Feb 2018 @ 4:22am

    Default encryption isn't an option for all Android devices and that operating system is generally considered to be the a pile of vulnerabilities d/b/a consumer software.

    I don't want to start a fanboy war here or anything, but isn't Apple the company that has been releasing software that grants you root access by doing mundane things like using the password "root" or sometimes no password at all. Apple had to take some time off developing features for iOS 12 so they could plug up all their mistakes from 11.

    Also, if you're going to criticize something, probably helps to not call it "the a pile of vulnerabilities."

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Feb 2018 @ 5:58am

      Re:

      When he said "vulnerabilities" I think he was referring about things that let other people into you phone, not things that that let you into your own phone. Th help you understand, by analogy, I don't consider being to access the screws on my front door lock from the inside to be a "vulnerability". If the screws were on the outside that would be a vulnerability.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Feb 2018 @ 6:19am

      Re:

      I don't want to start a fanboy war here or anything

      Could have fooled me.

      reply to this | link to this | view in chronology ]

    • identicon
      Machin Shin, 28 Feb 2018 @ 6:34am

      Re:

      Sad thing is you get to choose between Apple's walled garden, closed source world or googles more open world, that is a data vacuum trying to suck up little scrap of information about you it can grab.

      Neither one is a good option.

      Apples security through obscurity, closed source system seems to be more secure. That though doesn't really seem to be saying a whole lot.

      Android is open so people can inspect it and try to harden it, but having real security is 100% against google's best interest. They want to spy on you, so making your phone super secure is not good for them.

      I am currently holding out hope that maybe this phone being built by purism will turn out good. I sadly am expecting it to come out and at least here in the USA I bet the wireless carriers are going to fight me when I try and put it on their network.

      reply to this | link to this | view in chronology ]

  • identicon
    David, 28 Feb 2018 @ 4:31am

    "It won't scale because it can't."

    The Fourth Amendment does not want the search of personal assets to scale. That's why there is a specific warrant requirement.

    "Responsible encryption" however is the attempt to make the physical execution of the search scale to enable routine warrantless general surveillance: once the surveillance as such is hard to observe, it would be naive to assume that law enforcement would bother a whole lot with the unscalable specific warrant requirement.

    "Safety of one's assets against unreasonable search by agents of the government" is exactly what this attempts to abolish.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Feb 2018 @ 4:58am

      Re: 4th

      yup. But from the practical police/government perspective ... court warrants are only necessary if you intend to use the evidence gained in a court proceeding -- otherwise you can do all the secret searches and surveillance you want and the judiciary will never notice.

      -----

      web gossip on this Apple stuff is that the Israeli company hired some former Apple engineers to crack the iPhone. Also, that the iPhone encryption was not cracked -- but rather the software routine that limits password-entry attempts; this permits brute force attacks on iPhones having weak passwords. Extended physical access to the iPhone is required.

      reply to this | link to this | view in chronology ]

    • icon
      DannyB (profile), 28 Feb 2018 @ 5:44am

      Responsible Warrants

      Responsible Warrants can do for real world searches and seizures what Responsible Encryption does for the digital world.

      A judge grants a "Responsible Warrant" that is very specific in defining the bounds and parameters which limit the scope of the search. Namely, you are allowed to search anything, on anyone, anywhere, at any time without any supervision whatsoever.

      Based on watching the last 20 years of history, I will go ahead and predict that Responsible Warrants are comming soon to a regime near you!

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 28 Feb 2018 @ 5:58am

        Re: Responsible Warrants

        Would you need a responsible judge to issue a responsible warrant in order to decrypt some of that sweet responsible encryption?

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Feb 2018 @ 7:01am

      Re: "It won't scale because it can't."

      That's a rather bold statement, given that we don't know the nature of the attack.

      If I were the one carrying it out, I would specifically look for a scalable approach -- and of course, I'd look for one that Apple would have difficulty defending against.

      (imagine a 40 minute pause between that paragraph and this one)

      I can think of one. It'll work at scale. It's relatively cheap. The biggest downside is that it would be known to too many people and thus would likely be detected. More thought clearly required.

      reply to this | link to this | view in chronology ]

      • icon
        JoeCool (profile), 28 Feb 2018 @ 8:18am

        Re: Re: "It won't scale because it can't."

        That's a rather bold statement, given that we don't know the nature of the attack.

        Except that if it did scale, the would have been crowing about that in order to get bulk sales from groups like the NSA and FBI. That they didn't is a good indicator that it's difficult and takes too much time and effort to scale well.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Feb 2018 @ 4:33am

    Okay, I have to ask: What does d/b/a even mean?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Feb 2018 @ 4:33am

    Also, if you're going to criticize something, probably helps to not call it "the a pile of vulnerabilities."

    Poetic license - Look it up, you putrid mass of bile and pus.

    reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 28 Feb 2018 @ 7:38am

      Re:

      Poetic license - Look it up, you putrid mass of bile and pus.

      I'll emphasize the problematic part.

      "generally considered to be the a pile of vulnerabilities d/b/a consumer software."

      See the error now?

      reply to this | link to this | view in chronology ]

  • identicon
    TRX302, 28 Feb 2018 @ 4:49am

    [looks at my 2007 dumbphone]

    They can get my call history off my phone. But they could get it from Verizon directly anyway.

    reply to this | link to this | view in chronology ]

    • icon
      DannyB (profile), 28 Feb 2018 @ 5:46am

      Re:

      Getting your call history from your cell phone provider does not have that delightful dehumanizing appeal of forcibly taking it from your physical phone.

      reply to this | link to this | view in chronology ]

      • icon
        PaulT (profile), 28 Feb 2018 @ 8:07am

        Re: Re:

        Plus, in boasting that his phone isn't vulnerable to this kind of activity, he seems to be missing the simple fact that whichever other device he uses to access the internet probably isn't encrypted out of the box - and thus easier for them to get data from than from a smartphone.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Feb 2018 @ 5:02am

    I wish IBM would make a phone architecture similar to the PC. Just give us some decent hardware and some documentation for it and we'll deal with installing and securing the O/S.

    This is what I don't like about smartphones. You can't audit or change any of the core, critical software that handles your security. Sure, there are alternate OSes like LineageOS but you need a compatible phone and you risk voiding the warranty in the process despite doing nothing at all to the hardware itself.

    reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 28 Feb 2018 @ 5:44am

      Re:

      Don't forget about hardware issues. But yes, it would be awesome.

      reply to this | link to this | view in chronology ]

      • icon
        JoeCool (profile), 28 Feb 2018 @ 6:27am

        Re: Re:

        From the manual: ... just open the phone and switch the IRQ jumpers from AB to BC, unless you've already changed jump J112 to the non-default position...

        AAAAAAHHHHHHGGGGGGGG!!!!!

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Feb 2018 @ 9:31am

      Re:

      Sure, there are alternate OSes like LineageOS but you need a compatible phone and you risk voiding the warranty in the process

      Requiring people to use manufacturer-approved OSes only, as a condition of warranty, is illegal in the USA: "Warrantors cannot require that only branded parts be used with the product in order to retain the warranty."

      I wish IBM would make a phone architecture similar to the PC. … but you need a compatible phone

      IBM couldn't solve that problem. You'd still need a compatible phone.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 1 Mar 2018 @ 7:27am

        Re: Re:

        Requiring people to use manufacturer-approved OSes only, as a condition of warranty, is illegal in the USA:

        Umm, no. That applies to branding, not modifications. Please educate yourself on the differences between full and limited warranties and the exclusions associated with product modifications.

        reply to this | link to this | view in chronology ]

      • icon
        PaulT (profile), 2 Mar 2018 @ 12:15am

        Re: Re:

        "Requiring people to use manufacturer-approved OSes only, as a condition of warranty"

        I think you're confused about what that actually means, both with regard to software as a whole and to do with hardware. It's saying that they can't force you to use a part with specific branding, not that they have to retain warranty if you change a part for something completely different. They're saying that they have to retain warranty if you use an off-brand oil filter, not that they have to support you if you swap the engine out for something else.

        Unless they operate completely differently in the US, in my experience most suppliers of phones and PCs will ask you to do a factory reset if they feel it's necessary to determine a hardware fault (with good reason - the vast majority of computer problems are caused by the crap people install after getting it home). They may not support the supplied OS if it's been modified too much, why would they support and OS with which they have no experience or support agreements?

        "IBM couldn't solve that problem. You'd still need a compatible phone."

        Indeed. Quite apart from the strangeness of the idea that IBM would be the desired manufacturer in this day and age, if he's referring to the original PC design as he seems to be - there is a reason competitors used to be referred to as "IBM compatible PCs". Many others were available, IBM just happened to be the ones with popularity and relative ease of copying through standard off the shelf components.

        Plus, he should learn some history, IBM would have happily monopolised the PC market had Compaq and others not managed to legally reverse engineer the BIOS. The spread of the PC was originally because it was easily copied once the BIOS was imitated, not because IBM intended to create something that lots of people could imitate.

        reply to this | link to this | view in chronology ]

  • icon
    orbitalinsertion (profile), 28 Feb 2018 @ 5:10am

    Other things scale pretty well, like DNA testing, but LEOs certainly have a massive backlog of stuff like that.

    Priorities, priorities...

    They aren't interested in solving crimes, justice, or even the all-holy conviction rate. Cops just wanna snoop.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Feb 2018 @ 6:01am

      Re:

      .. and rape kits

      and yes, it does shed light upon their priorities.

      reply to this | link to this | view in chronology ]

      • icon
        orbitalinsertion (profile), 28 Feb 2018 @ 10:40am

        Re: Re:

        Yes, that is the biggest backlog of DNA testing by several orders of magnitude.

        They'll swab someone they know they have run in on BS charges that won't ever stick, and have that processed though. And totally keep that in the system forever. It's cool.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Feb 2018 @ 6:06am

      Re:

      They aren't interested in solving crimes, justice, or even the all-holy conviction rate. Cops just wanna snoop.

      The FBI even changed their official description of their job from "law enforcement" to "nation security". They just wanna run around playing James Bond. That's much more fun.

      reply to this | link to this | view in chronology ]

  • icon
    DannyB (profile), 28 Feb 2018 @ 5:49am

    It's an arms race

    Today they can hack Apple's phone.

    Tomorrow they won't be able to.

    The next day, they will be able to once again.

    Etc.

    Wash, rinse, tail-recursion.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Feb 2018 @ 6:11am

    Cellebrite claims it can crack any Apple device

    Wait, isn't that illegal?

    reply to this | link to this | view in chronology ]

    • icon
      JoeCool (profile), 28 Feb 2018 @ 6:29am

      Re: Cellebrite claims it can crack any Apple device

      Only if they were in the US... and didn't work for the government.

      reply to this | link to this | view in chronology ]

      • identicon
        David, 28 Feb 2018 @ 7:13am

        Re: Re: Cellebrite claims it can crack any Apple device

        What Newspeak is this? A crime committed for the government is not a crime? Why would the government of all people be above the law? They are even sworn in to the Constitution.

        Ah yes, this is the U.S. Never mind.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 28 Feb 2018 @ 10:19am

          Re: Re: Re: Cellebrite claims it can crack any Apple device

          I do not think this trait is unique to one country as it seems to be ubiquitous amongst political entities.

          reply to this | link to this | view in chronology ]

        • icon
          Jeremy Lyman (profile), 1 Mar 2018 @ 4:21am

          Re: Re: Re: Cellebrite claims it can crack any Apple device

          Ever seen a police car drive through a red light?

          reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 1 Mar 2018 @ 7:31am

        Re: Re: Cellebrite claims it can crack any Apple device

        Only if they were in the US

        US law applies worldwide. Just ask the US government.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Feb 2018 @ 7:41am

    Curious. Does this apply to phones that are encrypted with a strong password? Or did they just find a way to keep it from nuking itself after so many wrong attempts so they can brute force a PIN/pattern?

    reply to this | link to this | view in chronology ]

  • identicon
    profssrfink, 28 Feb 2018 @ 7:51am

    took them long enough

    I think it speaks to the great lengths Apple has gone through to secure their OS and device. Apple understood the inherent vulnerability of a device that lives in the open. Phones developed before iPhones weren't really considered secure, nor had access to millions of third party apps/internet. Their walled garden is quite an accomplishment. To those wishing they could break open an iPhone and use the hardware but control the software; you aren't grounded to reality. You complain about Apple not allowing you into their phone. But there are plenty of vendors that allow this, just not with Apple hardware. So don't complain. Unless that is, you actually just want the Apple hardware.

    Apple does almost all of its encryption on device. Think of the millions of dollars needed to research and develop a crack for Apple's device up until this point. The value of their ecosystem is that the two (software and hardware) are inextricably tied to each other. And yes, I hope Apple finds out what this vulnerability is a patches it. Im sure they will like every other time. But I wouldn't trade what I have with their system for anything else out there. The fact that so many people are working so hard to crack Apple's system means they did and are doing something very right. Keep it up.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Feb 2018 @ 11:03am

      Re: took them long enough

      That is IF this is even true and they can hack into any iPhone. Maybe it's true, maybe it's not. They're spending a bundle figuring out how to go about it. Which means it's still secure from most everyone, other than BIg Government with money to spend to break into the phones. They can't just mass break into iPhones. It's going to cost them for each phone they get into.

      For everyone else, the phone is secure from most criminals. At some point, Apple will figure out what is going on and fix it. It is a cat and mouse game. At least it's not wide open. Which is how a lot of Android phones still are. Encryption may not be turned on as it can slow the phone down quite a bit.

      Looking at a phone after the fact doesn't really stop anything. The Terrorists are already dead or at least did their bombing and killing. The police can't seem to do any real work.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Mar 2018 @ 7:36am

      Re: took them long enough

      You complain about Apple not allowing you into their phone.

      True dat. It's not your phone. It's Apple's phone. You're just paying for the privilege of using it. Amirite, fan boi?

      reply to this | link to this | view in chronology ]

  • identicon
    Leonard, 28 Feb 2018 @ 9:34am

    Needed improvement

    I use Apple because they are most secure and the default encryption. However, I've always been suspect of the ability to see data simply by successfully entering the phone. I would like to see additional steps required after the phone is opened to access data.

    reply to this | link to this | view in chronology ]

  • identicon
    oliver, 1 Mar 2018 @ 1:41am

    Old news is soo exciting

    Why do think this is News?
    This has been rumored and finally know for several months now. Have you misplaced your fainting couch?
    Come on TD you can do better than that.

    Cheers oliver

    reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 2 Mar 2018 @ 12:18am

      Re: Old news is soo exciting

      1. This still isn't a primary news source. The age of something being commented upon is irrelevant.

      2. There's a difference between unconfirmed rumours and confirmation from a specific source stating that they are claiming that they can do this publicly. The latter is what's being talked about here.

      3. If you're going to mock people for not knowing what you know, at least have the common courtesy to include the link to your evidence, you just look like a dick otherwise.

      reply to this | link to this | view in chronology ]

  • identicon
    Ali, 6 Mar 2018 @ 1:32am

    Can't Hack my Iphone

    They Can't Hack my Iphone, because i don't have....😂

    reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 6 Mar 2018 @ 1:46am

      Re: Can't Hack my Iphone

      Good for you. But, hopefully in your smug mockery you haven't forgotten that whatever device you do own is probably at least as vulnerable, if not more so.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.