Israeli Tech Company Says It Can Crack Any Apple Smartphone
from the thus-endeth-the-going-dark-conversation dept
Could this be the answer to FBI Director Chris Wray's call for broken device encryption?
In what appears to be a major breakthrough for law enforcement, and a possible privacy problem for Apple customers, a major U.S. government contractor claims to have found a way to unlock pretty much every iPhone on the market.
Cellebrite, a Petah Tikva, Israel-based vendor that's become the U.S. government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11. That includes the iPhone X, a model that Forbes has learned was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.
Big, if true, but not exactly the answer Wray, and others like him, are seeking. Cellebrite claims it can crack any Apple device, including Apple's latest iPhone. This is a boon for law enforcement, as long as they have the money to spend on it and the time to send the device to Cellebrite to crack it.
It won't scale because it can't. The FBI claims it has thousands of locked devices -- not all of them Apple products -- and no one from Cellebrite is promising fast turnaround times. Even if it was low-cost and relatively scalable, it's unlikely to keep Wray from pushing for a government mandate. Whatever flaw in the architecture is being exploited by Cellebrite is likely to be patched up by Apple as soon as it can figure out the company's attack vector. And, ultimately, the fact that it doesn't scale isn't something to worry about (though the FBI doubtless will). No one said investigating criminal activity was supposed to easy and, in fact, a handful of Constitutional amendments are in place to slow law enforcement's roll to prevent the steamrolling of US citizens.
Cellebrite's service apparently disables lockscreen protection, allowing the company to root around in the phone's innards to pull out whatever law enforcement is seeking. This also apparently works with Android devices, although that news is far less surprising than discovering Apple's security measures have been defeated. Default encryption isn't an option for all Android devices and that operating system is generally considered to be the a pile of vulnerabilities d/b/a consumer software.
While this won't end calls for weakened encryption, it does at least give law enforcement agencies another option to deploy against locked devices. But I don't expect it to change the rhetoric. Those calling for "responsible encryption" don't really want private sector solutions, no matter how much they claim to want to hold a "conversation" about lawful access. They want tech company subservience. They want the government -- via judicial, executive, or legislative branch -- to put companies in their place. In their opinion, tech companies have been getting uppity and forgetting the private sector exists to serve the government. It's not just a Chris Wray problem. Plenty of government officials feel the same way. But the complaints about "going dark" are going to ring that much hollower when solutions are being offered by private companies other than the ones the FBI is just dying to smack around.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cracking, encryption, going dark, iphone, privacy, responsible encryption
Companies: apple, cellebrite
Reader Comments
The First Word
“I don't want to start a fanboy war here or anything, but isn't Apple the company that has been releasing software that grants you root access by doing mundane things like using the password "root" or sometimes no password at all. Apple had to take some time off developing features for iOS 12 so they could plug up all their mistakes from 11.
Also, if you're going to criticize something, probably helps to not call it "the a pile of vulnerabilities."
Subscribe: RSS
View by: Time | Thread
I don't want to start a fanboy war here or anything, but isn't Apple the company that has been releasing software that grants you root access by doing mundane things like using the password "root" or sometimes no password at all. Apple had to take some time off developing features for iOS 12 so they could plug up all their mistakes from 11.
Also, if you're going to criticize something, probably helps to not call it "the a pile of vulnerabilities."
[ link to this | view in thread ]
"It won't scale because it can't."
"Responsible encryption" however is the attempt to make the physical execution of the search scale to enable routine warrantless general surveillance: once the surveillance as such is hard to observe, it would be naive to assume that law enforcement would bother a whole lot with the unscalable specific warrant requirement.
"Safety of one's assets against unreasonable search by agents of the government" is exactly what this attempts to abolish.
[ link to this | view in thread ]
[ link to this | view in thread ]
Also, if you're going to criticize something, probably helps to not call it "the a pile of vulnerabilities."
Poetic license - Look it up, you putrid mass of bile and pus.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
They can get my call history off my phone. But they could get it from Verizon directly anyway.
[ link to this | view in thread ]
Re: 4th
-----
web gossip on this Apple stuff is that the Israeli company hired some former Apple engineers to crack the iPhone. Also, that the iPhone encryption was not cracked -- but rather the software routine that limits password-entry attempts; this permits brute force attacks on iPhones having weak passwords. Extended physical access to the iPhone is required.
[ link to this | view in thread ]
This is what I don't like about smartphones. You can't audit or change any of the core, critical software that handles your security. Sure, there are alternate OSes like LineageOS but you need a compatible phone and you risk voiding the warranty in the process despite doing nothing at all to the hardware itself.
[ link to this | view in thread ]
Priorities, priorities...
They aren't interested in solving crimes, justice, or even the all-holy conviction rate. Cops just wanna snoop.
[ link to this | view in thread ]
Responsible Warrants
A judge grants a "Responsible Warrant" that is very specific in defining the bounds and parameters which limit the scope of the search. Namely, you are allowed to search anything, on anyone, anywhere, at any time without any supervision whatsoever.
Based on watching the last 20 years of history, I will go ahead and predict that Responsible Warrants are comming soon to a regime near you!
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
It's an arms race
Tomorrow they won't be able to.
The next day, they will be able to once again.
Etc.
Wash, rinse, tail-recursion.
[ link to this | view in thread ]
Re: Responsible Warrants
[ link to this | view in thread ]
Re:
When he said "vulnerabilities" I think he was referring about things that let other people into you phone, not things that that let you into your own phone. Th help you understand, by analogy, I don't consider being to access the screws on my front door lock from the inside to be a "vulnerability". If the screws were on the outside that would be a vulnerability.
[ link to this | view in thread ]
Re:
and yes, it does shed light upon their priorities.
[ link to this | view in thread ]
Re:
The FBI even changed their official description of their job from "law enforcement" to "nation security". They just wanna run around playing James Bond. That's much more fun.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Cellebrite claims it can crack any Apple device
[ link to this | view in thread ]
Re:
Could have fooled me.
[ link to this | view in thread ]
Re: Re:
AAAAAAHHHHHHGGGGGGGG!!!!!
[ link to this | view in thread ]
Re: Cellebrite claims it can crack any Apple device
[ link to this | view in thread ]
Re:
Neither one is a good option.
Apples security through obscurity, closed source system seems to be more secure. That though doesn't really seem to be saying a whole lot.
Android is open so people can inspect it and try to harden it, but having real security is 100% against google's best interest. They want to spy on you, so making your phone super secure is not good for them.
I am currently holding out hope that maybe this phone being built by purism will turn out good. I sadly am expecting it to come out and at least here in the USA I bet the wireless carriers are going to fight me when I try and put it on their network.
[ link to this | view in thread ]
Re: "It won't scale because it can't."
If I were the one carrying it out, I would specifically look for a scalable approach -- and of course, I'd look for one that Apple would have difficulty defending against.
(imagine a 40 minute pause between that paragraph and this one)
I can think of one. It'll work at scale. It's relatively cheap. The biggest downside is that it would be known to too many people and thus would likely be detected. More thought clearly required.
[ link to this | view in thread ]
Re: Re: Cellebrite claims it can crack any Apple device
Ah yes, this is the U.S. Never mind.
[ link to this | view in thread ]
Re:
I'll emphasize the problematic part.
See the error now?
[ link to this | view in thread ]
[ link to this | view in thread ]
took them long enough
Apple does almost all of its encryption on device. Think of the millions of dollars needed to research and develop a crack for Apple's device up until this point. The value of their ecosystem is that the two (software and hardware) are inextricably tied to each other. And yes, I hope Apple finds out what this vulnerability is a patches it. Im sure they will like every other time. But I wouldn't trade what I have with their system for anything else out there. The fact that so many people are working so hard to crack Apple's system means they did and are doing something very right. Keep it up.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: "It won't scale because it can't."
Except that if it did scale, the would have been crowing about that in order to get bulk sales from groups like the NSA and FBI. That they didn't is a good indicator that it's difficult and takes too much time and effort to scale well.
[ link to this | view in thread ]
Re:
Requiring people to use manufacturer-approved OSes only, as a condition of warranty, is illegal in the USA: "Warrantors cannot require that only branded parts be used with the product in order to retain the warranty."
IBM couldn't solve that problem. You'd still need a compatible phone.
[ link to this | view in thread ]
Needed improvement
[ link to this | view in thread ]
Re: Re: Re: Cellebrite claims it can crack any Apple device
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re:
They'll swab someone they know they have run in on BS charges that won't ever stick, and have that processed though. And totally keep that in the system forever. It's cool.
[ link to this | view in thread ]
Re: took them long enough
For everyone else, the phone is secure from most criminals. At some point, Apple will figure out what is going on and fix it. It is a cat and mouse game. At least it's not wide open. Which is how a lot of Android phones still are. Encryption may not be turned on as it can slow the phone down quite a bit.
Looking at a phone after the fact doesn't really stop anything. The Terrorists are already dead or at least did their bombing and killing. The police can't seem to do any real work.
[ link to this | view in thread ]
Old news is soo exciting
This has been rumored and finally know for several months now. Have you misplaced your fainting couch?
Come on TD you can do better than that.
Cheers oliver
[ link to this | view in thread ]
Re: Re: Re: Cellebrite claims it can crack any Apple device
[ link to this | view in thread ]
Re: Re: Re:
Sounds about right. You would, wouldn't you?
[ link to this | view in thread ]
Re: Re:
Umm, no. That applies to branding, not modifications. Please educate yourself on the differences between full and limited warranties and the exclusions associated with product modifications.
[ link to this | view in thread ]
Re: Re: Cellebrite claims it can crack any Apple device
US law applies worldwide. Just ask the US government.
[ link to this | view in thread ]
Re: took them long enough
True dat. It's not your phone. It's Apple's phone. You're just paying for the privilege of using it. Amirite, fan boi?
[ link to this | view in thread ]
Re: Re:
I think you're confused about what that actually means, both with regard to software as a whole and to do with hardware. It's saying that they can't force you to use a part with specific branding, not that they have to retain warranty if you change a part for something completely different. They're saying that they have to retain warranty if you use an off-brand oil filter, not that they have to support you if you swap the engine out for something else.
Unless they operate completely differently in the US, in my experience most suppliers of phones and PCs will ask you to do a factory reset if they feel it's necessary to determine a hardware fault (with good reason - the vast majority of computer problems are caused by the crap people install after getting it home). They may not support the supplied OS if it's been modified too much, why would they support and OS with which they have no experience or support agreements?
"IBM couldn't solve that problem. You'd still need a compatible phone."
Indeed. Quite apart from the strangeness of the idea that IBM would be the desired manufacturer in this day and age, if he's referring to the original PC design as he seems to be - there is a reason competitors used to be referred to as "IBM compatible PCs". Many others were available, IBM just happened to be the ones with popularity and relative ease of copying through standard off the shelf components.
Plus, he should learn some history, IBM would have happily monopolised the PC market had Compaq and others not managed to legally reverse engineer the BIOS. The spread of the PC was originally because it was easily copied once the BIOS was imitated, not because IBM intended to create something that lots of people could imitate.
[ link to this | view in thread ]
Re: Old news is soo exciting
2. There's a difference between unconfirmed rumours and confirmation from a specific source stating that they are claiming that they can do this publicly. The latter is what's being talked about here.
3. If you're going to mock people for not knowing what you know, at least have the common courtesy to include the link to your evidence, you just look like a dick otherwise.
[ link to this | view in thread ]
Can't Hack my Iphone
[ link to this | view in thread ]
Re: Can't Hack my Iphone
[ link to this | view in thread ]