Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

The Feds Can Now (Probably) Unlock Every iPhone Model In Existence

From: "Dave Farber" <farber () gmail com>
Date: Wed, 28 Feb 2018 08:37:34 -0500



Begin forwarded message:


From: Dewayne Hendricks <dewayne () warpspeed com>
Date: February 28, 2018 at 8:07:22 AM EST
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
Subject: [Dewayne-Net] The Feds Can Now (Probably) Unlock Every iPhone Model In Existence
Reply-To: dewayne-net () warpspeed com

The Feds Can Now (Probably) Unlock Every iPhone Model In Existence
By Thomas Fox-Brewster
Feb 26 2018
<https://www.forbes.com/sites/thomasbrewster/2018/02/26/government-can-access-any-apple-iphone-cellebrite/amp/>

In what appears to be a major breakthrough for law enforcement, and a possible privacy problem for Apple customers, a 
major U.S. government contractor claims to have found a way to unlock pretty much every iPhone on the market.

Cellebrite, a Petah Tikva, Israel-based vendor that’s become the U.S. government’s company of choice when it comes to 
unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the 
security of devices running iOS 11. That includes the iPhone X, a model that Forbes has learned was successfully 
raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.

The Israeli firm, a subsidiary of Japan’s Sun Corporation, hasn’t made any major public announcement about its new 
iOS capabilities. But Forbes was told by sources (who asked to remain anonymous as they weren’t authorized to talk on 
the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is 
advertising them to law enforcement and private forensics folk across the globe. Indeed, the company’s literature for 
its Advanced Unlocking and Extraction Services offering now notes the company can break the security of “Apple iOS 
devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11.” 
Separately, a source in the police forensics community told Forbes he’d been told by Cellebrite it could unlock the 
iPhone 8. He believed the same was most probably true for the iPhone X, as security across both of Apple’s newest 
devices worked in much the same way.

iOS 11 was only released in September last year and was even praised by Cellebrite competitor Elcomsoft for new 
features that were designed to make it harder for forensics experts to hack into an iPhone. That included protections 
against forced unlocks with fingerprints, a tactic previously used by U.S. police in the field.

Though it’s always wise to take the claims of profit-focused vendors with a pinch of salt, whatever flaws Cellebrite 
found in Apple’s tech in the last half year, they’re likely significant; just last year, the company warned about a 
decline in its ability to break into iPhones.

To take advantage of the Cellebrite service, which “can determine or disable the PIN, pattern, password screen locks 
or passcodes on the latest Apple iOS and Google Android devices,” cops have to send the device to Cellebrite first. 
In its labs, the company then uses whatever secret exploits it has to crack the lock and either hands it back to 
investigators so they can take data from the device, or Cellebrite can do that for them. As Forbes previously 
detailed, this can be relatively inexpensive, costing as little as $1,500 per unlock. Given there’s a $1 million 
price tag for a single iPhone vulnerability, that’s cheap.

Cellebrite could put its latest iPhone unlocking tech into the software it sells to customers. But that would mean 
Apple could test the tool and potentially figure out a way to stop it working, explained Don Vilfer, a partner at 
private forensics firm VAND Group, who welcomed the new services. Vilfer said his company has already had some 
success with the iOS 11 service, in a case where a client’s employee wouldn’t give over their passcode for their work 
iPhone, though he recalled it was an iPhone 6 model, not one of the most recent devices.

Neither Apple nor Cellebrite had provided comment at the time of publication.

[snip]

Dewayne-Net RSS Feed: http://dewaynenet.wordpress.com/feed/
Twitter: https://twitter.com/wa8dzp






-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20180228083744:8C22ECA4-1C8C-11E8-BC75-F8FA6B13308F
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: