Police Can Unlock Any iPhone With Cellebrite’s New Tool

It used to be trivially easy for police to scoop up all the private data on cell phones seized in the course of an investigation. The era of smartphones brought new challenges and new opportunities for investigators. While smartphones contain so much more information than the flip phones of yesteryear, they’re also much harder to access without a password. Several companies offer device unlocking services to law enforcement, but they’re limited by devices and software versions. Israeli forensics firm Cellebrite says it can free up the data on any iOS device up to the latest v12.3.
The new iPhone cracking capabilities come by way of a new version of the company’s Universal Forensic Extraction Device or UFED. Cellebrite calls the new UFED Premium an “exclusive solution for law enforcement.” Investigators can purchase the device and use it to perform data backups from locked smartphones. Without something like the UFED, getting a warrant to copy a phone’s contents won’t do police any good when the device in question is locked and encrypted. There’s also some concern these devices could end up in the hands of criminals.
Apple just released iOS 12.3 a month ago, so Cellebrite must have gotten its hands on a very sensitive vulnerability in the software if it’s capable of unlocking any device. Odds are Cellebrite paid an arm and a leg to some security researcher for the exploit, and now it’ll leverage it to make money from governments and law enforcement until Apple can discover how the UFED Premium works.
Cellebrite also claims UFED Premium can extract data from a number of popular Android phones like the Galaxy S series up through the S9, as well as phones from LG, Huawei, and Xiaomi. That suggests it has found manufacturer-specific flaws and not something that affects all Android devices. So, that’s at least one bit of good news.
Cellebrite is proud to introduce #UFED Premium! An exclusive solution for law enforcement to unlock and extract data from all iOS and high-end Android devices. To learn more, click here: https://t.co/WHsaDxzoXz pic.twitter.com/BSixEkyAuL
— Cellebrite (@Cellebrite_UFED) June 14, 2019
This isn’t the first time Apple has been faced with a phone cracking problem. Another security firm called Grayshift made a business out of selling its GrayKey phone unlocking station. It used custom software to brute force Apple PIN codes, but Apple mitigated the usefulness of the GrayKey by disabling data on the Lightning port when devices were locked and idle. It’s unclear if this technique can stop UFED Premium, but it sounds like not.
Apple will inevitably block UFED Premium, but the company probably chose this moment to announce because v12.3 just launched. Cellebrite likely figures it has some time to sell devices and unlocking services before they become useless.
Continue reading

Protect Your Online Privacy With the 5 Best VPNs
Investing in a VPN is a smart choice right now, but the options are vast. To help narrow things down a bit, we've rounded up five of our very favorite consumer services.

RISC-V Tiptoes Towards Mainstream With SiFive Dev Board, High-Performance CPU
RISC V continues to make inroads across the market, this time with a cheaper and more fully-featured test motherboard.

The PlayStation 5 Will Only Be Available Online for Launch Day
The PlayStation 5 isn't going to be available in stores on launch day, and if you want to pick up an M.2 SSD to expand its storage, you'll have some time to figure out that purchase.

ARMing for War: New Cortex-A78C Will Challenge x86 in the Laptop Market
ARM took another step towards challenging x86 in its own right with the debut of the Cortex-A78C this week. The new chip packs up to eight "big" CPU cores and up to an 8MB L3 cache.