As The DOJ Continues To Complain About Encryption, Cellebrite (Again) Announces It Can Crack Any IPhone
from the do-y'all-not-get-the-internet? dept
On Monday, June 17, Deputy Attorney General Jeffrey Rosen said this during his speech to the National Sheriffs' Association:
In recent years, criminals have become more and more adept at using technology to avoid law enforcement in what we call “going dark.” While “going dark” has many manifestations, some of its greatest impacts are in the areas of encryption, in assuring the security of information. But, as you well know, encryption also allows criminals to frustrate law enforcement's access to evidence — even where a neutral judge has found probable cause and ordered that we have access to that evidence.
I guess the "going dark" crowd doesn't get out much.
On Friday afternoon, the Israeli forensics firm and law enforcement contractor Cellebrite publicly announced a new version of its product known as a Universal Forensic Extraction Device or UFED, one that it's calling UFED Premium. In marketing that update, it says that the tool can now unlock any iOS device cops can lay their hands on, including those running iOS 12.3, released just a month ago. Cellebrite claims UFED Premium can extract files from many recent Android phones as well, including the Samsung Galaxy S9. No other law enforcement contractor has made such broad claims about a single product, at least not publicly.
It was announced very publicly. This wasn't a press release sent only to government agencies or the byproduct of leaked internal documents. It was announced on the company's Twitter account, letting everyone know Cellebrite is apparently beating almost every device maker at their own encryption game. Like GrayKey's offering, Cellebrite's updated encryption-breaker is hardware that can be used on site by purchasers, allowing law enforcement agencies to perform their own cracking and extraction.
Sure, the flaws used to bypass device security will be patched, and Cellebrite and its competitors will keep digging around in device hardware/software to find holes to exploit. The security vs. insecurity war will continue. But for all the weak arguments made by the head of the FBI -- especially the ones about Apple, etc. "profiting" from locking out law enforcement -- it would seem companies like Cellebrite are more likely to directly profit from device encryption. Encryption on phones is a standard offering, not a selling point. Tools that break encryption? Now, that's where the real money is.
Cellebrite, along with companies like GrayKey, are providing the solutions the FBI and DOJ think device manufacturers should be creating for them. We don't hear much from FBI officials about third party offerings because this agency would prefer a permanent fix delivered by Congress and the courts, rather than spend any of their own money and time trying to find a solution. The FBI has been misleading and dishonest for the entirety of its "going dark" campaign, all the while claiming tech companies would willingly give the FBI what it wants -- encryption backdoors -- if they would just engage in an "honest" conversation about the issue.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: doj, encryption, fbi, going dark, ios, iphone
Companies: apple, cellebrite
Reader Comments
Subscribe: RSS
View by: Time | Thread
All that being said, I think that Cellebrite's claims have a number of asterisks attached. I don't think their methods will unlock all phones, just phones that use the default configuration, on all OS versions and hardware versions.
My phone has debug and multimedia communications locked out by default and is protected by a 13+ alphanumeric password. They're not getting in via the communications port, they're not getting in via 6-digit password attacks, they're not getting in via facial recognition or fingerprint hash faking.
So unless they've found some side channel technique that doesn't depend on one of those methods, they're not getting into my phone. Not that it matters; there's nothing there worth getting into. I just don't believe in making it easy for people trying to access other people's PII without permission.
[ link to this | view in chronology ]
FBI: Apple has such strong encryption the USA can not break it.
Cellbrite: We broke it.
Apple: We have securely encrypted your private data to the best of our ability, able to block the US government's best hackers and still bad actors are capable of breaking into your phone. People want to hold us accountable for data breaches. Why the FUCK should we install an intentional hole in our security?
I think John Oliver's encryption ad says it even better.
[ link to this | view in chronology ]
Maybe the "going dark" claims refer to the DOJ closing it's eyes and wishing really, really hard Congress and the courts will do their work for them.
[ link to this | view in chronology ]
Cellebrite Good Times, Come On!
Sometime it seems the Sheriffs' concerns about "going dark" might be epidermal, not technological.
[ link to this | view in chronology ]
Re: Cellebrite Good Times, Come On!
Sick Burn!
LEO’s are gonna need some water for that one.
[ link to this | view in chronology ]
The software has been available online for over a year
You can still find it on file sharing services. It does unlock any iphone. It only works on some android phones apparently.
[ link to this | view in chronology ]
Re: The software has been available online for over a year
Maybe you should read the fucking article you idiot (and liar)... Here let me help you:
How can a hardware device be found on file sharing services? Do you not know the difference between hardware and software? Let me help you again:
Hardware
Software
Now be a good little idiot and go read those two articles and when you are more informed, then you can come back and maybe have a conversation with the grown-ups.
[ link to this | view in chronology ]
Re: Re: The software has been available online for over a year
I don't know whether the statement is true, but a lot of devices sold as "hardware" are general-purpose machines that do all the interesting stuff in software ("firmware"). A journalist or the company calling it hardware doesn't mean much.
[ link to this | view in chronology ]
Re: The software has been available online for over a year
Links to it, or you are a liar and a racist.
[ link to this | view in chronology ]
Re: Re: The software has been available online for over a year
Liar I could see, but WTF in his post has any connection to racism?
[ link to this | view in chronology ]
Re: The software has been available online for over a year
You're an asshat troll. Enjoy the downvotes I stick on every one of your posts.
[ link to this | view in chronology ]
Re: The software has been available online for over a year
"It does unlock any iphone"
Hahaha - in the real world, it is possible to alter an iphone in such a way that the info is lost forever.
[ link to this | view in chronology ]
Re: Re: The software has been available online for over a year
I think things are a little backward. it's been Android that's been quite easy to break into. It used to be most of the time encryption wasn't even turned on as it showed the phones down to much. These days that's no the norm anyway, but security is still quite weak with Android.
Have you ever heard of the FBI complaining about not breaking into Android phones? NO!!! It's always iPhones. As for Cerllebrite saying they can get into any iPhone. I find that hard to believe. Maybe a large percentage as so many people use pretty weak passcodes. It is a cat and mouse game. Maybe as some point after finding a new hole they can finally get into that iPhone, even though there has since been a iOS update to fix it. That phone they've held onto doesn't have that new iOS version. SO they finally crack it.
[ link to this | view in chronology ]
"it says that the tool can now unlock any iOS device cops can lay their hands on"
That's quite the claim isn't it.
Give them an iOS device that has been run over by a cement truck, tossed in a toilet, had multiple holes drilled in it, been irradiated in a microwave and struck by lightning.
[ link to this | view in chronology ]
Re:
They're hackers, not Gods. Although given their boasting, they might have a god complex.
[ link to this | view in chronology ]