As The DOJ Continues To Complain About Encryption, Cellebrite (Again) Announces It Can Crack Any IPhone

from the do-y'all-not-get-the-internet? dept

On Monday, June 17, Deputy Attorney General Jeffrey Rosen said this during his speech to the National Sheriffs' Association:

In recent years, criminals have become more and more adept at using technology to avoid law enforcement in what we call “going dark.” While “going dark” has many manifestations, some of its greatest impacts are in the areas of encryption, in assuring the security of information. But, as you well know, encryption also allows criminals to frustrate law enforcement's access to evidence — even where a neutral judge has found probable cause and ordered that we have access to that evidence.

I guess the "going dark" crowd doesn't get out much.

On Friday afternoon, the Israeli forensics firm and law enforcement contractor Cellebrite publicly announced a new version of its product known as a Universal Forensic Extraction Device or UFED, one that it's calling UFED Premium. In marketing that update, it says that the tool can now unlock any iOS device cops can lay their hands on, including those running iOS 12.3, released just a month ago. Cellebrite claims UFED Premium can extract files from many recent Android phones as well, including the Samsung Galaxy S9. No other law enforcement contractor has made such broad claims about a single product, at least not publicly.

It was announced very publicly. This wasn't a press release sent only to government agencies or the byproduct of leaked internal documents. It was announced on the company's Twitter account, letting everyone know Cellebrite is apparently beating almost every device maker at their own encryption game. Like GrayKey's offering, Cellebrite's updated encryption-breaker is hardware that can be used on site by purchasers, allowing law enforcement agencies to perform their own cracking and extraction.

Sure, the flaws used to bypass device security will be patched, and Cellebrite and its competitors will keep digging around in device hardware/software to find holes to exploit. The security vs. insecurity war will continue. But for all the weak arguments made by the head of the FBI -- especially the ones about Apple, etc. "profiting" from locking out law enforcement -- it would seem companies like Cellebrite are more likely to directly profit from device encryption. Encryption on phones is a standard offering, not a selling point. Tools that break encryption? Now, that's where the real money is.

Cellebrite, along with companies like GrayKey, are providing the solutions the FBI and DOJ think device manufacturers should be creating for them. We don't hear much from FBI officials about third party offerings because this agency would prefer a permanent fix delivered by Congress and the courts, rather than spend any of their own money and time trying to find a solution. The FBI has been misleading and dishonest for the entirety of its "going dark" campaign, all the while claiming tech companies would willingly give the FBI what it wants -- encryption backdoors -- if they would just engage in an "honest" conversation about the issue.

Filed Under: doj, encryption, fbi, going dark, ios, iphone
Companies: apple, cellebrite


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 21 Jun 2019 @ 12:32pm

    All that being said, I think that Cellebrite's claims have a number of asterisks attached. I don't think their methods will unlock all phones, just phones that use the default configuration, on all OS versions and hardware versions.

    My phone has debug and multimedia communications locked out by default and is protected by a 13+ alphanumeric password. They're not getting in via the communications port, they're not getting in via 6-digit password attacks, they're not getting in via facial recognition or fingerprint hash faking.

    So unless they've found some side channel technique that doesn't depend on one of those methods, they're not getting into my phone. Not that it matters; there's nothing there worth getting into. I just don't believe in making it easy for people trying to access other people's PII without permission.

    reply to this | link to this | view in chronology ]

  • icon
    James Burkhardt (profile), 21 Jun 2019 @ 1:30pm

    FBI: Apple has such strong encryption the USA can not break it.

    Cellbrite: We broke it.

    Apple: We have securely encrypted your private data to the best of our ability, able to block the US government's best hackers and still bad actors are capable of breaking into your phone. People want to hold us accountable for data breaches. Why the FUCK should we install an intentional hole in our security?

    I think John Oliver's encryption ad says it even better.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Jun 2019 @ 1:58pm

    Maybe the "going dark" claims refer to the DOJ closing it's eyes and wishing really, really hard Congress and the courts will do their work for them.

    reply to this | link to this | view in chronology ]

  • identicon
    Bobvious, 21 Jun 2019 @ 4:06pm

    Cellebrite Good Times, Come On!

    Sometime it seems the Sheriffs' concerns about "going dark" might be epidermal, not technological.

    reply to this | link to this | view in chronology ]

  • icon
    Zof (profile), 21 Jun 2019 @ 4:36pm

    The software has been available online for over a year

    You can still find it on file sharing services. It does unlock any iphone. It only works on some android phones apparently.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Jun 2019 @ 5:18pm

      Re: The software has been available online for over a year

      You can still find it on file sharing services.

      Maybe you should read the fucking article you idiot (and liar)... Here let me help you:

      Cellebrite's updated encryption-breaker is hardware that can be used on site by purchasers,

      How can a hardware device be found on file sharing services? Do you not know the difference between hardware and software? Let me help you again:

      Hardware
      Software

      Now be a good little idiot and go read those two articles and when you are more informed, then you can come back and maybe have a conversation with the grown-ups.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 24 Jun 2019 @ 8:32am

        Re: Re: The software has been available online for over a year

        How can a hardware device be found on file sharing services?

        I don't know whether the statement is true, but a lot of devices sold as "hardware" are general-purpose machines that do all the interesting stuff in software ("firmware"). A journalist or the company calling it hardware doesn't mean much.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Jun 2019 @ 5:58pm

      Re: The software has been available online for over a year

      Links to it, or you are a liar and a racist.

      reply to this | link to this | view in chronology ]

      • identicon
        Dan, 21 Jun 2019 @ 11:41pm

        Re: Re: The software has been available online for over a year

        Liar I could see, but WTF in his post has any connection to racism?

        reply to this | link to this | view in chronology ]

    • identicon
      Canuck, 21 Jun 2019 @ 10:12pm

      Re: The software has been available online for over a year

      You're an asshat troll. Enjoy the downvotes I stick on every one of your posts.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Jun 2019 @ 11:09am

      Re: The software has been available online for over a year

      "It does unlock any iphone"

      Hahaha - in the real world, it is possible to alter an iphone in such a way that the info is lost forever.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 24 Jun 2019 @ 8:14am

        Re: Re: The software has been available online for over a year

        I think things are a little backward. it's been Android that's been quite easy to break into. It used to be most of the time encryption wasn't even turned on as it showed the phones down to much. These days that's no the norm anyway, but security is still quite weak with Android.

        Have you ever heard of the FBI complaining about not breaking into Android phones? NO!!! It's always iPhones. As for Cerllebrite saying they can get into any iPhone. I find that hard to believe. Maybe a large percentage as so many people use pretty weak passcodes. It is a cat and mouse game. Maybe as some point after finding a new hole they can finally get into that iPhone, even though there has since been a iOS update to fix it. That phone they've held onto doesn't have that new iOS version. SO they finally crack it.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Jun 2019 @ 6:10am

    "it says that the tool can now unlock any iOS device cops can lay their hands on"

    That's quite the claim isn't it.

    Give them an iOS device that has been run over by a cement truck, tossed in a toilet, had multiple holes drilled in it, been irradiated in a microwave and struck by lightning.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.