Israeli Tech Company Says It Can Crack Any Apple Smartphone

from the thus-endeth-the-going-dark-conversation dept

Could this be the answer to FBI Director Chris Wray's call for broken device encryption?

In what appears to be a major breakthrough for law enforcement, and a possible privacy problem for Apple customers, a major U.S. government contractor claims to have found a way to unlock pretty much every iPhone on the market.

Cellebrite, a Petah Tikva, Israel-based vendor that's become the U.S. government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11. That includes the iPhone X, a model that Forbes has learned was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.

Big, if true, but not exactly the answer Wray, and others like him, are seeking. Cellebrite claims it can crack any Apple device, including Apple's latest iPhone. This is a boon for law enforcement, as long as they have the money to spend on it and the time to send the device to Cellebrite to crack it.

It won't scale because it can't. The FBI claims it has thousands of locked devices -- not all of them Apple products -- and no one from Cellebrite is promising fast turnaround times. Even if it was low-cost and relatively scalable, it's unlikely to keep Wray from pushing for a government mandate. Whatever flaw in the architecture is being exploited by Cellebrite is likely to be patched up by Apple as soon as it can figure out the company's attack vector. And, ultimately, the fact that it doesn't scale isn't something to worry about (though the FBI doubtless will). No one said investigating criminal activity was supposed to easy and, in fact, a handful of Constitutional amendments are in place to slow law enforcement's roll to prevent the steamrolling of US citizens.

Cellebrite's service apparently disables lockscreen protection, allowing the company to root around in the phone's innards to pull out whatever law enforcement is seeking. This also apparently works with Android devices, although that news is far less surprising than discovering Apple's security measures have been defeated. Default encryption isn't an option for all Android devices and that operating system is generally considered to be the a pile of vulnerabilities d/b/a consumer software.

While this won't end calls for weakened encryption, it does at least give law enforcement agencies another option to deploy against locked devices. But I don't expect it to change the rhetoric. Those calling for "responsible encryption" don't really want private sector solutions, no matter how much they claim to want to hold a "conversation" about lawful access. They want tech company subservience. They want the government -- via judicial, executive, or legislative branch -- to put companies in their place. In their opinion, tech companies have been getting uppity and forgetting the private sector exists to serve the government. It's not just a Chris Wray problem. Plenty of government officials feel the same way. But the complaints about "going dark" are going to ring that much hollower when solutions are being offered by private companies other than the ones the FBI is just dying to smack around.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cracking, encryption, going dark, iphone, privacy, responsible encryption
Companies: apple, cellebrite


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 28 Feb 2018 @ 4:22am

    Default encryption isn't an option for all Android devices and that operating system is generally considered to be the a pile of vulnerabilities d/b/a consumer software.

    I don't want to start a fanboy war here or anything, but isn't Apple the company that has been releasing software that grants you root access by doing mundane things like using the password "root" or sometimes no password at all. Apple had to take some time off developing features for iOS 12 so they could plug up all their mistakes from 11.

    Also, if you're going to criticize something, probably helps to not call it "the a pile of vulnerabilities."

    link to this | view in thread ]

  2. identicon
    David, 28 Feb 2018 @ 4:31am

    "It won't scale because it can't."

    The Fourth Amendment does not want the search of personal assets to scale. That's why there is a specific warrant requirement.

    "Responsible encryption" however is the attempt to make the physical execution of the search scale to enable routine warrantless general surveillance: once the surveillance as such is hard to observe, it would be naive to assume that law enforcement would bother a whole lot with the unscalable specific warrant requirement.

    "Safety of one's assets against unreasonable search by agents of the government" is exactly what this attempts to abolish.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 28 Feb 2018 @ 4:33am

    Okay, I have to ask: What does d/b/a even mean?

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 28 Feb 2018 @ 4:33am

    Also, if you're going to criticize something, probably helps to not call it "the a pile of vulnerabilities."

    Poetic license - Look it up, you putrid mass of bile and pus.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 28 Feb 2018 @ 4:36am

    Re:

    d/b/a = doing business as

    link to this | view in thread ]

  6. identicon
    TRX302, 28 Feb 2018 @ 4:49am

    [looks at my 2007 dumbphone]

    They can get my call history off my phone. But they could get it from Verizon directly anyway.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 28 Feb 2018 @ 4:58am

    Re: 4th

    yup. But from the practical police/government perspective ... court warrants are only necessary if you intend to use the evidence gained in a court proceeding -- otherwise you can do all the secret searches and surveillance you want and the judiciary will never notice.

    -----

    web gossip on this Apple stuff is that the Israeli company hired some former Apple engineers to crack the iPhone. Also, that the iPhone encryption was not cracked -- but rather the software routine that limits password-entry attempts; this permits brute force attacks on iPhones having weak passwords. Extended physical access to the iPhone is required.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 28 Feb 2018 @ 5:02am

    I wish IBM would make a phone architecture similar to the PC. Just give us some decent hardware and some documentation for it and we'll deal with installing and securing the O/S.

    This is what I don't like about smartphones. You can't audit or change any of the core, critical software that handles your security. Sure, there are alternate OSes like LineageOS but you need a compatible phone and you risk voiding the warranty in the process despite doing nothing at all to the hardware itself.

    link to this | view in thread ]

  9. icon
    orbitalinsertion (profile), 28 Feb 2018 @ 5:10am

    Other things scale pretty well, like DNA testing, but LEOs certainly have a massive backlog of stuff like that.

    Priorities, priorities...

    They aren't interested in solving crimes, justice, or even the all-holy conviction rate. Cops just wanna snoop.

    link to this | view in thread ]

  10. icon
    DannyB (profile), 28 Feb 2018 @ 5:44am

    Responsible Warrants

    Responsible Warrants can do for real world searches and seizures what Responsible Encryption does for the digital world.

    A judge grants a "Responsible Warrant" that is very specific in defining the bounds and parameters which limit the scope of the search. Namely, you are allowed to search anything, on anyone, anywhere, at any time without any supervision whatsoever.

    Based on watching the last 20 years of history, I will go ahead and predict that Responsible Warrants are comming soon to a regime near you!

    link to this | view in thread ]

  11. icon
    Ninja (profile), 28 Feb 2018 @ 5:44am

    Re:

    Don't forget about hardware issues. But yes, it would be awesome.

    link to this | view in thread ]

  12. icon
    DannyB (profile), 28 Feb 2018 @ 5:46am

    Re:

    Getting your call history from your cell phone provider does not have that delightful dehumanizing appeal of forcibly taking it from your physical phone.

    link to this | view in thread ]

  13. icon
    DannyB (profile), 28 Feb 2018 @ 5:49am

    It's an arms race

    Today they can hack Apple's phone.

    Tomorrow they won't be able to.

    The next day, they will be able to once again.

    Etc.

    Wash, rinse, tail-recursion.

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 28 Feb 2018 @ 5:58am

    Re: Responsible Warrants

    Would you need a responsible judge to issue a responsible warrant in order to decrypt some of that sweet responsible encryption?

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 28 Feb 2018 @ 5:58am

    Re:

    When he said "vulnerabilities" I think he was referring about things that let other people into you phone, not things that that let you into your own phone. Th help you understand, by analogy, I don't consider being to access the screws on my front door lock from the inside to be a "vulnerability". If the screws were on the outside that would be a vulnerability.

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 28 Feb 2018 @ 6:01am

    Re:

    .. and rape kits

    and yes, it does shed light upon their priorities.

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 28 Feb 2018 @ 6:06am

    Re:

    They aren't interested in solving crimes, justice, or even the all-holy conviction rate. Cops just wanna snoop.

    The FBI even changed their official description of their job from "law enforcement" to "nation security". They just wanna run around playing James Bond. That's much more fun.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 28 Feb 2018 @ 6:08am

    Re: Re:

    "national security"

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 28 Feb 2018 @ 6:11am

    Cellebrite claims it can crack any Apple device

    Wait, isn't that illegal?

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 28 Feb 2018 @ 6:19am

    Re:

    I don't want to start a fanboy war here or anything

    Could have fooled me.

    link to this | view in thread ]

  21. icon
    JoeCool (profile), 28 Feb 2018 @ 6:27am

    Re: Re:

    From the manual: ... just open the phone and switch the IRQ jumpers from AB to BC, unless you've already changed jump J112 to the non-default position...

    AAAAAAHHHHHHGGGGGGGG!!!!!

    link to this | view in thread ]

  22. icon
    JoeCool (profile), 28 Feb 2018 @ 6:29am

    Re: Cellebrite claims it can crack any Apple device

    Only if they were in the US... and didn't work for the government.

    link to this | view in thread ]

  23. identicon
    Machin Shin, 28 Feb 2018 @ 6:34am

    Re:

    Sad thing is you get to choose between Apple's walled garden, closed source world or googles more open world, that is a data vacuum trying to suck up little scrap of information about you it can grab.

    Neither one is a good option.

    Apples security through obscurity, closed source system seems to be more secure. That though doesn't really seem to be saying a whole lot.

    Android is open so people can inspect it and try to harden it, but having real security is 100% against google's best interest. They want to spy on you, so making your phone super secure is not good for them.

    I am currently holding out hope that maybe this phone being built by purism will turn out good. I sadly am expecting it to come out and at least here in the USA I bet the wireless carriers are going to fight me when I try and put it on their network.

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 28 Feb 2018 @ 7:01am

    Re: "It won't scale because it can't."

    That's a rather bold statement, given that we don't know the nature of the attack.

    If I were the one carrying it out, I would specifically look for a scalable approach -- and of course, I'd look for one that Apple would have difficulty defending against.

    (imagine a 40 minute pause between that paragraph and this one)

    I can think of one. It'll work at scale. It's relatively cheap. The biggest downside is that it would be known to too many people and thus would likely be detected. More thought clearly required.

    link to this | view in thread ]

  25. identicon
    David, 28 Feb 2018 @ 7:13am

    Re: Re: Cellebrite claims it can crack any Apple device

    What Newspeak is this? A crime committed for the government is not a crime? Why would the government of all people be above the law? They are even sworn in to the Constitution.

    Ah yes, this is the U.S. Never mind.

    link to this | view in thread ]

  26. icon
    nasch (profile), 28 Feb 2018 @ 7:38am

    Re:

    Poetic license - Look it up, you putrid mass of bile and pus.

    I'll emphasize the problematic part.

    "generally considered to be the a pile of vulnerabilities d/b/a consumer software."

    See the error now?

    link to this | view in thread ]

  27. identicon
    Anonymous Coward, 28 Feb 2018 @ 7:41am

    Curious. Does this apply to phones that are encrypted with a strong password? Or did they just find a way to keep it from nuking itself after so many wrong attempts so they can brute force a PIN/pattern?

    link to this | view in thread ]

  28. identicon
    profssrfink, 28 Feb 2018 @ 7:51am

    took them long enough

    I think it speaks to the great lengths Apple has gone through to secure their OS and device. Apple understood the inherent vulnerability of a device that lives in the open. Phones developed before iPhones weren't really considered secure, nor had access to millions of third party apps/internet. Their walled garden is quite an accomplishment. To those wishing they could break open an iPhone and use the hardware but control the software; you aren't grounded to reality. You complain about Apple not allowing you into their phone. But there are plenty of vendors that allow this, just not with Apple hardware. So don't complain. Unless that is, you actually just want the Apple hardware.

    Apple does almost all of its encryption on device. Think of the millions of dollars needed to research and develop a crack for Apple's device up until this point. The value of their ecosystem is that the two (software and hardware) are inextricably tied to each other. And yes, I hope Apple finds out what this vulnerability is a patches it. Im sure they will like every other time. But I wouldn't trade what I have with their system for anything else out there. The fact that so many people are working so hard to crack Apple's system means they did and are doing something very right. Keep it up.

    link to this | view in thread ]

  29. icon
    PaulT (profile), 28 Feb 2018 @ 8:07am

    Re: Re:

    Plus, in boasting that his phone isn't vulnerable to this kind of activity, he seems to be missing the simple fact that whichever other device he uses to access the internet probably isn't encrypted out of the box - and thus easier for them to get data from than from a smartphone.

    link to this | view in thread ]

  30. icon
    JoeCool (profile), 28 Feb 2018 @ 8:18am

    Re: Re: "It won't scale because it can't."

    That's a rather bold statement, given that we don't know the nature of the attack.

    Except that if it did scale, the would have been crowing about that in order to get bulk sales from groups like the NSA and FBI. That they didn't is a good indicator that it's difficult and takes too much time and effort to scale well.

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 28 Feb 2018 @ 9:31am

    Re:

    Sure, there are alternate OSes like LineageOS but you need a compatible phone and you risk voiding the warranty in the process

    Requiring people to use manufacturer-approved OSes only, as a condition of warranty, is illegal in the USA: "Warrantors cannot require that only branded parts be used with the product in order to retain the warranty."

    I wish IBM would make a phone architecture similar to the PC. … but you need a compatible phone

    IBM couldn't solve that problem. You'd still need a compatible phone.

    link to this | view in thread ]

  32. identicon
    Leonard, 28 Feb 2018 @ 9:34am

    Needed improvement

    I use Apple because they are most secure and the default encryption. However, I've always been suspect of the ability to see data simply by successfully entering the phone. I would like to see additional steps required after the phone is opened to access data.

    link to this | view in thread ]

  33. identicon
    Anonymous Coward, 28 Feb 2018 @ 10:19am

    Re: Re: Re: Cellebrite claims it can crack any Apple device

    I do not think this trait is unique to one country as it seems to be ubiquitous amongst political entities.

    link to this | view in thread ]

  34. identicon
    Anonymous Coward, 28 Feb 2018 @ 10:22am

    Re: Re:

    In that case I have a bridge to sell you.

    link to this | view in thread ]

  35. icon
    orbitalinsertion (profile), 28 Feb 2018 @ 10:40am

    Re: Re:

    Yes, that is the biggest backlog of DNA testing by several orders of magnitude.

    They'll swab someone they know they have run in on BS charges that won't ever stick, and have that processed though. And totally keep that in the system forever. It's cool.

    link to this | view in thread ]

  36. identicon
    Anonymous Coward, 28 Feb 2018 @ 11:03am

    Re: took them long enough

    That is IF this is even true and they can hack into any iPhone. Maybe it's true, maybe it's not. They're spending a bundle figuring out how to go about it. Which means it's still secure from most everyone, other than BIg Government with money to spend to break into the phones. They can't just mass break into iPhones. It's going to cost them for each phone they get into.

    For everyone else, the phone is secure from most criminals. At some point, Apple will figure out what is going on and fix it. It is a cat and mouse game. At least it's not wide open. Which is how a lot of Android phones still are. Encryption may not be turned on as it can slow the phone down quite a bit.

    Looking at a phone after the fact doesn't really stop anything. The Terrorists are already dead or at least did their bombing and killing. The police can't seem to do any real work.

    link to this | view in thread ]

  37. identicon
    oliver, 1 Mar 2018 @ 1:41am

    Old news is soo exciting

    Why do think this is News?
    This has been rumored and finally know for several months now. Have you misplaced your fainting couch?
    Come on TD you can do better than that.

    Cheers oliver

    link to this | view in thread ]

  38. icon
    Jeremy Lyman (profile), 1 Mar 2018 @ 4:21am

    Re: Re: Re: Cellebrite claims it can crack any Apple device

    Ever seen a police car drive through a red light?

    link to this | view in thread ]

  39. identicon
    Anonymous Coward, 1 Mar 2018 @ 7:12am

    Re: Re: Re:

    "In that case I have a bridge to sell you."

    Sounds about right. You would, wouldn't you?

    link to this | view in thread ]

  40. identicon
    Anonymous Coward, 1 Mar 2018 @ 7:27am

    Re: Re:

    Requiring people to use manufacturer-approved OSes only, as a condition of warranty, is illegal in the USA:

    Umm, no. That applies to branding, not modifications. Please educate yourself on the differences between full and limited warranties and the exclusions associated with product modifications.

    link to this | view in thread ]

  41. identicon
    Anonymous Coward, 1 Mar 2018 @ 7:31am

    Re: Re: Cellebrite claims it can crack any Apple device

    Only if they were in the US

    US law applies worldwide. Just ask the US government.

    link to this | view in thread ]

  42. identicon
    Anonymous Coward, 1 Mar 2018 @ 7:36am

    Re: took them long enough

    You complain about Apple not allowing you into their phone.

    True dat. It's not your phone. It's Apple's phone. You're just paying for the privilege of using it. Amirite, fan boi?

    link to this | view in thread ]

  43. icon
    PaulT (profile), 2 Mar 2018 @ 12:15am

    Re: Re:

    "Requiring people to use manufacturer-approved OSes only, as a condition of warranty"

    I think you're confused about what that actually means, both with regard to software as a whole and to do with hardware. It's saying that they can't force you to use a part with specific branding, not that they have to retain warranty if you change a part for something completely different. They're saying that they have to retain warranty if you use an off-brand oil filter, not that they have to support you if you swap the engine out for something else.

    Unless they operate completely differently in the US, in my experience most suppliers of phones and PCs will ask you to do a factory reset if they feel it's necessary to determine a hardware fault (with good reason - the vast majority of computer problems are caused by the crap people install after getting it home). They may not support the supplied OS if it's been modified too much, why would they support and OS with which they have no experience or support agreements?

    "IBM couldn't solve that problem. You'd still need a compatible phone."

    Indeed. Quite apart from the strangeness of the idea that IBM would be the desired manufacturer in this day and age, if he's referring to the original PC design as he seems to be - there is a reason competitors used to be referred to as "IBM compatible PCs". Many others were available, IBM just happened to be the ones with popularity and relative ease of copying through standard off the shelf components.

    Plus, he should learn some history, IBM would have happily monopolised the PC market had Compaq and others not managed to legally reverse engineer the BIOS. The spread of the PC was originally because it was easily copied once the BIOS was imitated, not because IBM intended to create something that lots of people could imitate.

    link to this | view in thread ]

  44. icon
    PaulT (profile), 2 Mar 2018 @ 12:18am

    Re: Old news is soo exciting

    1. This still isn't a primary news source. The age of something being commented upon is irrelevant.

    2. There's a difference between unconfirmed rumours and confirmation from a specific source stating that they are claiming that they can do this publicly. The latter is what's being talked about here.

    3. If you're going to mock people for not knowing what you know, at least have the common courtesy to include the link to your evidence, you just look like a dick otherwise.

    link to this | view in thread ]

  45. identicon
    Ali, 6 Mar 2018 @ 1:32am

    Can't Hack my Iphone

    They Can't Hack my Iphone, because i don't have....😂

    link to this | view in thread ]

  46. icon
    PaulT (profile), 6 Mar 2018 @ 1:46am

    Re: Can't Hack my Iphone

    Good for you. But, hopefully in your smug mockery you haven't forgotten that whatever device you do own is probably at least as vulnerable, if not more so.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.