Israeli Tech Company Says It Can Crack Any Apple Smartphone
from the thus-endeth-the-going-dark-conversation dept
Could this be the answer to FBI Director Chris Wray’s call for broken device encryption?
In what appears to be a major breakthrough for law enforcement, and a possible privacy problem for Apple customers, a major U.S. government contractor claims to have found a way to unlock pretty much every iPhone on the market.
Cellebrite, a Petah Tikva, Israel-based vendor that’s become the U.S. government’s company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11. That includes the iPhone X, a model that Forbes has learned was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.
Big, if true, but not exactly the answer Wray, and others like him, are seeking. Cellebrite claims it can crack any Apple device, including Apple’s latest iPhone. This is a boon for law enforcement, as long as they have the money to spend on it and the time to send the device to Cellebrite to crack it.
It won’t scale because it can’t. The FBI claims it has thousands of locked devices — not all of them Apple products — and no one from Cellebrite is promising fast turnaround times. Even if it was low-cost and relatively scalable, it’s unlikely to keep Wray from pushing for a government mandate. Whatever flaw in the architecture is being exploited by Cellebrite is likely to be patched up by Apple as soon as it can figure out the company’s attack vector. And, ultimately, the fact that it doesn’t scale isn’t something to worry about (though the FBI doubtless will). No one said investigating criminal activity was supposed to easy and, in fact, a handful of Constitutional amendments are in place to slow law enforcement’s roll to prevent the steamrolling of US citizens.
Cellebrite’s service apparently disables lockscreen protection, allowing the company to root around in the phone’s innards to pull out whatever law enforcement is seeking. This also apparently works with Android devices, although that news is far less surprising than discovering Apple’s security measures have been defeated. Default encryption isn’t an option for all Android devices and that operating system is generally considered to be the a pile of vulnerabilities d/b/a consumer software.
While this won’t end calls for weakened encryption, it does at least give law enforcement agencies another option to deploy against locked devices. But I don’t expect it to change the rhetoric. Those calling for “responsible encryption” don’t really want private sector solutions, no matter how much they claim to want to hold a “conversation” about lawful access. They want tech company subservience. They want the government — via judicial, executive, or legislative branch — to put companies in their place. In their opinion, tech companies have been getting uppity and forgetting the private sector exists to serve the government. It’s not just a Chris Wray problem. Plenty of government officials feel the same way. But the complaints about “going dark” are going to ring that much hollower when solutions are being offered by private companies other than the ones the FBI is just dying to smack around.
Filed Under: cracking, encryption, going dark, iphone, privacy, responsible encryption
Companies: apple, cellebrite
Comments on “Israeli Tech Company Says It Can Crack Any Apple Smartphone”
I don’t want to start a fanboy war here or anything, but isn’t Apple the company that has been releasing software that grants you root access by doing mundane things like using the password "root" or sometimes no password at all. Apple had to take some time off developing features for iOS 12 so they could plug up all their mistakes from 11.
Also, if you’re going to criticize something, probably helps to not call it "the a pile of vulnerabilities."
Re: Re:
When he said "vulnerabilities" I think he was referring about things that let other people into you phone, not things that that let you into your own phone. Th help you understand, by analogy, I don’t consider being to access the screws on my front door lock from the inside to be a "vulnerability". If the screws were on the outside that would be a vulnerability.
Re: Re:
Could have fooled me.
Re: Re: Re:
In that case I have a bridge to sell you.
Re: Re: Re: Re:
“In that case I have a bridge to sell you.”
Sounds about right. You would, wouldn’t you?
Re: Re:
Sad thing is you get to choose between Apple’s walled garden, closed source world or googles more open world, that is a data vacuum trying to suck up little scrap of information about you it can grab.
Neither one is a good option.
Apples security through obscurity, closed source system seems to be more secure. That though doesn’t really seem to be saying a whole lot.
Android is open so people can inspect it and try to harden it, but having real security is 100% against google’s best interest. They want to spy on you, so making your phone super secure is not good for them.
I am currently holding out hope that maybe this phone being built by purism will turn out good. I sadly am expecting it to come out and at least here in the USA I bet the wireless carriers are going to fight me when I try and put it on their network.
"It won't scale because it can't."
The Fourth Amendment does not want the search of personal assets to scale. That’s why there is a specific warrant requirement.
“Responsible encryption” however is the attempt to make the physical execution of the search scale to enable routine warrantless general surveillance: once the surveillance as such is hard to observe, it would be naive to assume that law enforcement would bother a whole lot with the unscalable specific warrant requirement.
“Safety of one’s assets against unreasonable search by agents of the government” is exactly what this attempts to abolish.
Re: 4th
yup. But from the practical police/government perspective … court warrants are only necessary if you intend to use the evidence gained in a court proceeding — otherwise you can do all the secret searches and surveillance you want and the judiciary will never notice.
—–
web gossip on this Apple stuff is that the Israeli company hired some former Apple engineers to crack the iPhone. Also, that the iPhone encryption was not cracked — but rather the software routine that limits password-entry attempts; this permits brute force attacks on iPhones having weak passwords. Extended physical access to the iPhone is required.
Re: Responsible Warrants
Responsible Warrants can do for real world searches and seizures what Responsible Encryption does for the digital world.
A judge grants a “Responsible Warrant” that is very specific in defining the bounds and parameters which limit the scope of the search. Namely, you are allowed to search anything, on anyone, anywhere, at any time without any supervision whatsoever.
Based on watching the last 20 years of history, I will go ahead and predict that Responsible Warrants are comming soon to a regime near you!
Re: Re: Responsible Warrants
Would you need a responsible judge to issue a responsible warrant in order to decrypt some of that sweet responsible encryption?
Re: "It won't scale because it can't."
That’s a rather bold statement, given that we don’t know the nature of the attack.
If I were the one carrying it out, I would specifically look for a scalable approach — and of course, I’d look for one that Apple would have difficulty defending against.
(imagine a 40 minute pause between that paragraph and this one)
I can think of one. It’ll work at scale. It’s relatively cheap. The biggest downside is that it would be known to too many people and thus would likely be detected. More thought clearly required.
Re: Re: "It won't scale because it can't."
Except that if it did scale, the would have been crowing about that in order to get bulk sales from groups like the NSA and FBI. That they didn’t is a good indicator that it’s difficult and takes too much time and effort to scale well.
Okay, I have to ask: What does d/b/a even mean?
Re: Re:
d/b/a = doing business as
Also, if you’re going to criticize something, probably helps to not call it "the a pile of vulnerabilities."
Poetic license – Look it up, you putrid mass of bile and pus.
Re: Re:
I’ll emphasize the problematic part.
See the error now?
[looks at my 2007 dumbphone]
They can get my call history off my phone. But they could get it from Verizon directly anyway.
Re: Re:
Getting your call history from your cell phone provider does not have that delightful dehumanizing appeal of forcibly taking it from your physical phone.
Re: Re: Re:
Plus, in boasting that his phone isn’t vulnerable to this kind of activity, he seems to be missing the simple fact that whichever other device he uses to access the internet probably isn’t encrypted out of the box – and thus easier for them to get data from than from a smartphone.
I wish IBM would make a phone architecture similar to the PC. Just give us some decent hardware and some documentation for it and we’ll deal with installing and securing the O/S.
This is what I don’t like about smartphones. You can’t audit or change any of the core, critical software that handles your security. Sure, there are alternate OSes like LineageOS but you need a compatible phone and you risk voiding the warranty in the process despite doing nothing at all to the hardware itself.
Re: Re:
Don’t forget about hardware issues. But yes, it would be awesome.
Re: Re: Re:
From the manual: … just open the phone and switch the IRQ jumpers from AB to BC, unless you’ve already changed jump J112 to the non-default position…
AAAAAAHHHHHHGGGGGGGG!!!!!
Re: Re:
Requiring people to use manufacturer-approved OSes only, as a condition of warranty, is
illegal in the USA: "Warrantors cannot require that only branded parts be used with the product in order to retain the warranty."
IBM couldn’t solve that problem. You’d still need a compatible phone.
Re: Re: Re:
Umm, no. That applies to branding, not modifications. Please educate yourself on the differences between full and limited warranties and the exclusions associated with product modifications.
Re: Re: Re:
“Requiring people to use manufacturer-approved OSes only, as a condition of warranty”
I think you’re confused about what that actually means, both with regard to software as a whole and to do with hardware. It’s saying that they can’t force you to use a part with specific branding, not that they have to retain warranty if you change a part for something completely different. They’re saying that they have to retain warranty if you use an off-brand oil filter, not that they have to support you if you swap the engine out for something else.
Unless they operate completely differently in the US, in my experience most suppliers of phones and PCs will ask you to do a factory reset if they feel it’s necessary to determine a hardware fault (with good reason – the vast majority of computer problems are caused by the crap people install after getting it home). They may not support the supplied OS if it’s been modified too much, why would they support and OS with which they have no experience or support agreements?
“IBM couldn’t solve that problem. You’d still need a compatible phone.”
Indeed. Quite apart from the strangeness of the idea that IBM would be the desired manufacturer in this day and age, if he’s referring to the original PC design as he seems to be – there is a reason competitors used to be referred to as “IBM compatible PCs”. Many others were available, IBM just happened to be the ones with popularity and relative ease of copying through standard off the shelf components.
Plus, he should learn some history, IBM would have happily monopolised the PC market had Compaq and others not managed to legally reverse engineer the BIOS. The spread of the PC was originally because it was easily copied once the BIOS was imitated, not because IBM intended to create something that lots of people could imitate.
Other things scale pretty well, like DNA testing, but LEOs certainly have a massive backlog of stuff like that.
Priorities, priorities…
They aren’t interested in solving crimes, justice, or even the all-holy conviction rate. Cops just wanna snoop.
Re: Re:
.. and rape kits
and yes, it does shed light upon their priorities.
Re: Re: Re:
Yes, that is the biggest backlog of DNA testing by several orders of magnitude.
They’ll swab someone they know they have run in on BS charges that won’t ever stick, and have that processed though. And totally keep that in the system forever. It’s cool.
Re: Re:
The FBI even changed their official description of their job from "law enforcement" to "nation security". They just wanna run around playing James Bond. That’s much more fun.
Re: Re: Re:
“national security”
It's an arms race
Today they can hack Apple’s phone.
Tomorrow they won’t be able to.
The next day, they will be able to once again.
Etc.
Wash, rinse, tail-recursion.
Cellebrite claims it can crack any Apple device
Wait, isn’t that illegal?
Re: Cellebrite claims it can crack any Apple device
Only if they were in the US… and didn’t work for the government.
Re: Re: Cellebrite claims it can crack any Apple device
What Newspeak is this? A crime committed for the government is not a crime? Why would the government of all people be above the law? They are even sworn in to the Constitution.
Ah yes, this is the U.S. Never mind.
Re: Re: Re: Cellebrite claims it can crack any Apple device
I do not think this trait is unique to one country as it seems to be ubiquitous amongst political entities.
Re: Re: Re: Cellebrite claims it can crack any Apple device
Ever seen a police car drive through a red light?
Re: Re: Cellebrite claims it can crack any Apple device
US law applies worldwide. Just ask the US government.
Curious. Does this apply to phones that are encrypted with a strong password? Or did they just find a way to keep it from nuking itself after so many wrong attempts so they can brute force a PIN/pattern?
took them long enough
I think it speaks to the great lengths Apple has gone through to secure their OS and device. Apple understood the inherent vulnerability of a device that lives in the open. Phones developed before iPhones weren’t really considered secure, nor had access to millions of third party apps/internet. Their walled garden is quite an accomplishment. To those wishing they could break open an iPhone and use the hardware but control the software; you aren’t grounded to reality. You complain about Apple not allowing you into their phone. But there are plenty of vendors that allow this, just not with Apple hardware. So don’t complain. Unless that is, you actually just want the Apple hardware.
Apple does almost all of its encryption on device. Think of the millions of dollars needed to research and develop a crack for Apple’s device up until this point. The value of their ecosystem is that the two (software and hardware) are inextricably tied to each other. And yes, I hope Apple finds out what this vulnerability is a patches it. Im sure they will like every other time. But I wouldn’t trade what I have with their system for anything else out there. The fact that so many people are working so hard to crack Apple’s system means they did and are doing something very right. Keep it up.
Re: took them long enough
That is IF this is even true and they can hack into any iPhone. Maybe it’s true, maybe it’s not. They’re spending a bundle figuring out how to go about it. Which means it’s still secure from most everyone, other than BIg Government with money to spend to break into the phones. They can’t just mass break into iPhones. It’s going to cost them for each phone they get into.
For everyone else, the phone is secure from most criminals. At some point, Apple will figure out what is going on and fix it. It is a cat and mouse game. At least it’s not wide open. Which is how a lot of Android phones still are. Encryption may not be turned on as it can slow the phone down quite a bit.
Looking at a phone after the fact doesn’t really stop anything. The Terrorists are already dead or at least did their bombing and killing. The police can’t seem to do any real work.
Re: took them long enough
True dat. It’s not your phone. It’s Apple’s phone. You’re just paying for the privilege of using it. Amirite, fan boi?
Needed improvement
I use Apple because they are most secure and the default encryption. However, I’ve always been suspect of the ability to see data simply by successfully entering the phone. I would like to see additional steps required after the phone is opened to access data.
Old news is soo exciting
Why do think this is News?
This has been rumored and finally know for several months now. Have you misplaced your fainting couch?
Come on TD you can do better than that.
Cheers oliver
Re: Old news is soo exciting
2. There’s a difference between unconfirmed rumours and confirmation from a specific source stating that they are claiming that they can do this publicly. The latter is what’s being talked about here.
3. If you’re going to mock people for not knowing what you know, at least have the common courtesy to include the link to your evidence, you just look like a dick otherwise.
Can't Hack my Iphone
They Can’t Hack my Iphone, because i don’t have….????
Re: Can't Hack my Iphone
Good for you. But, hopefully in your smug mockery you haven’t forgotten that whatever device you do own is probably at least as vulnerable, if not more so.