US Government Contractor Cellebrite ‘Can Unlock Latest iPhones’

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Follow on: Google +

Even the most recent iOS gadgets and software may not be safe from prying eyes, according to claims by Israel-based Cellebrite

Israel-based computer forensics firm Cellebrite, best known as a key collaborator with US law-enforcement agencies, may be able to unlock the latest iPhone software and hardware, including the iPhone X, according to reported comments and documents and Cellebrite’s own literature.

The development sheds light on the encryption arms race between smartphone makers such as Apple and law-enforcement organisations, along with the forensics firms that work with them.

Mobile devices have become significantly more secure in recent years, with models routinely including biometric authentication techniques such as face readers and fingerprint scanners, but Cellebrite’s claims suggest it has been able to keep up with the latest advances.

In January-dated public literature on its lab-based Advanced Unlocking and Extraction service, Cellebrite says it can unlock devices running iOS versions 5 to 11, as well as Android-based devices from a range of manufacturers.

Apple’s iPhone X

Most recent devices ‘accessible’

The company confirmed it was able to access devices running all iOS versions up to the most recent, 11.2.6.

“Agencies can either provide the device already unlocked, furnish the known passcode, or use Cellebrite’s Advanced Unlocking Services to unlock the device,” Cellebrite said in a statement provided to Forbes. Forbes earlier reported Cellebrite’s latest capabilities based on comments by unnamed sources.

Cellebrite reportedly made its initial claims about iOS 11 privately to law-enforcement and forensics organisations.

Forbes also said it had found a warrant indicating data in an iPhone X belonging to an arms trafficking suspect was extracted by a Cellebrite technician in Michigan in December of last year. The document didn’t indicate how the device was unlocked.

Mobile device security has become a high-profile issue as the gadgets have come to contain ever-more sensitive information.

In April 2016, the FBI said it had paid more than £1 million to an undisclosed private firm, probably Cellebrite, to unlock the iPhone 5C belonging to the suspect in December 2015’s shootings in San Bernardino. The FBI made that deal after Apple refused to help unlock the device.

hpBrute-force attack?

Cellebrite hasn’t disclosed information about the techniques it uses to unlock iPhones and other gadgets. Its service requires customers to send devices to a lab, meaning there’s no way for Apple to directly gain knowledge of Cellebrite’s methods and build safeguards against them.

Security experts have, however, speculated the technique is likely to involve bypassing safeguards that limit the number of password entry attempts. That would make it possible to carry out a brute-force attack, in which various combinations are entered until the right one is found.

Cryptographer Bruce Schneier called the idea that Cellebrite was limited to brute-force attacks “credible”. “If this is true, then strong passwords are still secure,” he said in a blog post.

But privacy campaigner Edward Snowden said the development threatens “the core of an iPhone’s value”.

“The only compelling reason for someone to buy an iPhone over more open, less expensive competitors was Apple’s stronger stance on users’ right to privacy and security,” he said on Twitter.

Apple has tried to make it more difficult to interfere with the authentication system with the use of a separate Secure Enclave coprocessor that has shipped with devices since the iPhone 5S in September 2013.

Apple hadn’t provided comment at the time of publication.

Do you know all about security? Try our quiz!