NYC Law Enforcement Has Been Cracking Locked iPhones for Almost 2 Year

Using a screen lock on your smartphone will keep most prying eyes away from your personal data, but law enforcement is not so easily deterred. Police have access to tools and services that can crack phones, and we might not even know what capabilities they have until years later. Israeli forensics firm Cellebrite announced its new in-house phone cracking tool earlier this year, but a new report suggests law enforcement has had access to it since early 2018.

Cellebrite offers numerous services to law enforcement, all aimed at collecting digital evidence from seized devices. This has become big business ever since Apple and Google made encryption the default on their mobile platforms. Companies like Cellebrite search for or purchase undisclosed vulnerabilities and use those to build custom phone cracking tools.

Cellebrite announced its new Universal Forensic Extraction Device (UFED) Premium service in June 2019. With UFED Premium, police can unlock almost all iPhones and most Android phones in-house. With other services, law enforcement often has to send phones out to a forensic laboratory to have them unlocked. That adds a lot of red tape and slows down the investigation.

According to a new report, the Manhattan District Attorney’s office has had access to UFED Premium long before the official announcement — as early as January 2018. This claim comes from a leaked contract with the Manhattan DA, one of the most influential prosecution offices in the country. The office reportedly paid $200,000 for the UFED Premium license, training, and a set number of in-house phone unlocks. There were also additional service add-ons totaling about $1 million. The contract also requires the DA to set up a secure room to house the software with no recording devices allowed.

Cellebrite always refuses to comment on its business or who uses its products, so we’re left to speculate about how this arrangement happened in secret. It’s possible Cellebrite had UFED Premium ready years ago, but it delayed making a public announcement so big customers like the Manhattan DA could make full use of the product. As soon as Cellebrite announced the in-house cracking capability, the security community set to work figuring out how it worked. Eventually, the company may need to devise a new approach as vendors patch to block the UFED Premium tools.

Currently, Cellebrite advertises UFED Premium as being able to unlock all iPhones as well as many high-end Android phones like those made by Samsung and Huawei. Presumably, that means even the latest iOS 13 is vulnerable.

Continue reading

Hyundai Is Buying Boston Dynamics for Almost $1 Billion

The company just started selling its first product, the Spot quadruped robot. Owner SoftBank apparently feels this is the best time to unload the company, which it purchased from Google in 2017. Now, Hyundai Motor Company is set to acquire Boston Dynamics for $921 million.

Arctic Is Planning to Launch First New Thermal Paste in Almost a Decade

Arctic (formerly Arctic Cooling) may be prepping to introduce its first new thermal paste in nearly a decade.

AMD Shipped Almost 1M Ryzen 5000 CPUs, Still Couldn’t Meet Demand

Intel gained market share in desktop and mobile last quarter, but AMD hit records of its own, including the fastest new CPU ramp in company history.

With AT&T Deal, Google Has Almost Won the RCS Messaging Wars

A few years ago, Google announced it was giving up on its much-maligned Allo chat platform in favor of RCS. That decision is finally starting to pay off.