Police Can Unlock Any iPhone With Cellebrite’s New Tool

Police Can Unlock Any iPhone With Cellebrite’s New Tool

It used to be trivially easy for police to scoop up all the private data on cell phones seized in the course of an investigation. The era of smartphones brought new challenges and new opportunities for investigators. While smartphones contain so much more information than the flip phones of yesteryear, they’re also much harder to access without a password. Several companies offer device unlocking services to law enforcement, but they’re limited by devices and software versions. Israeli forensics firm Cellebrite says it can free up the data on any iOS device up to the latest v12.3.

The new iPhone cracking capabilities come by way of a new version of the company’s Universal Forensic Extraction Device or UFED. Cellebrite calls the new UFED Premium an “exclusive solution for law enforcement.” Investigators can purchase the device and use it to perform data backups from locked smartphones. Without something like the UFED, getting a warrant to copy a phone’s contents won’t do police any good when the device in question is locked and encrypted. There’s also some concern these devices could end up in the hands of criminals.

Apple just released iOS 12.3 a month ago, so Cellebrite must have gotten its hands on a very sensitive vulnerability in the software if it’s capable of unlocking any device. Odds are Cellebrite paid an arm and a leg to some security researcher for the exploit, and now it’ll leverage it to make money from governments and law enforcement until Apple can discover how the UFED Premium works.

Cellebrite also claims UFED Premium can extract data from a number of popular Android phones like the Galaxy S series up through the S9, as well as phones from LG, Huawei, and Xiaomi. That suggests it has found manufacturer-specific flaws and not something that affects all Android devices. So, that’s at least one bit of good news.

Cellebrite is proud to introduce #UFED Premium! An exclusive solution for law enforcement to unlock and extract data from all iOS and high-end Android devices. To learn more, click here: https://t.co/WHsaDxzoXz pic.twitter.com/BSixEkyAuL

— Cellebrite (@Cellebrite_UFED) June 14, 2019

This isn’t the first time Apple has been faced with a phone cracking problem. Another security firm called Grayshift made a business out of selling its GrayKey phone unlocking station. It used custom software to brute force Apple PIN codes, but Apple mitigated the usefulness of the GrayKey by disabling data on the Lightning port when devices were locked and idle. It’s unclear if this technique can stop UFED Premium, but it sounds like not.

Apple will inevitably block UFED Premium, but the company probably chose this moment to announce because v12.3 just launched. Cellebrite likely figures it has some time to sell devices and unlocking services before they become useless.

Continue reading

Newegg Changes Return Policy to Combat Scammers, Harm Customers
Newegg Changes Return Policy to Combat Scammers, Harm Customers

Newegg is trying to crack down on scammers, but it's catching regular users in the same net.

Microsoft Needs to Clarify Its Windows 11 Update Policy Before Launch
Microsoft Needs to Clarify Its Windows 11 Update Policy Before Launch

Microsoft is now requiring people to acknowledge a waiver to run Windows 11 on unsupported configurations, but it has yet to clarify exactly how unsupported people are going to be.

Predictive Policing Software Shown to Entrench Bias, not Address It
Predictive Policing Software Shown to Entrench Bias, not Address It

A new analysis by Gizmodo has concluded that such software disproportionately targets poor communities and communities of color.

Amazon Gave Ring Footage to Police Without a Warrant or Owner Consent
Amazon Gave Ring Footage to Police Without a Warrant or Owner Consent

This isn't the first time Ring has been caught in bed with law enforcement, and based on what Amazon’s vice president of public policy told government officials, it won't be the last.