NYC Law Enforcement Has Been Cracking Locked iPhones for Almost 2 Year

NYC Law Enforcement Has Been Cracking Locked iPhones for Almost 2 Year

Using a screen lock on your smartphone will keep most prying eyes away from your personal data, but law enforcement is not so easily deterred. Police have access to tools and services that can crack phones, and we might not even know what capabilities they have until years later. Israeli forensics firm Cellebrite announced its new in-house phone cracking tool earlier this year, but a new report suggests law enforcement has had access to it since early 2018.

Cellebrite offers numerous services to law enforcement, all aimed at collecting digital evidence from seized devices. This has become big business ever since Apple and Google made encryption the default on their mobile platforms. Companies like Cellebrite search for or purchase undisclosed vulnerabilities and use those to build custom phone cracking tools.

Cellebrite announced its new Universal Forensic Extraction Device (UFED) Premium service in June 2019. With UFED Premium, police can unlock almost all iPhones and most Android phones in-house. With other services, law enforcement often has to send phones out to a forensic laboratory to have them unlocked. That adds a lot of red tape and slows down the investigation.

According to a new report, the Manhattan District Attorney’s office has had access to UFED Premium long before the official announcement — as early as January 2018. This claim comes from a leaked contract with the Manhattan DA, one of the most influential prosecution offices in the country. The office reportedly paid $200,000 for the UFED Premium license, training, and a set number of in-house phone unlocks. There were also additional service add-ons totaling about $1 million. The contract also requires the DA to set up a secure room to house the software with no recording devices allowed.

NYC Law Enforcement Has Been Cracking Locked iPhones for Almost 2 Year

Cellebrite always refuses to comment on its business or who uses its products, so we’re left to speculate about how this arrangement happened in secret. It’s possible Cellebrite had UFED Premium ready years ago, but it delayed making a public announcement so big customers like the Manhattan DA could make full use of the product. As soon as Cellebrite announced the in-house cracking capability, the security community set to work figuring out how it worked. Eventually, the company may need to devise a new approach as vendors patch to block the UFED Premium tools.

Currently, Cellebrite advertises UFED Premium as being able to unlock all iPhones as well as many high-end Android phones like those made by Samsung and Huawei. Presumably, that means even the latest iOS 13 is vulnerable.

Continue reading

Protect Your Online Privacy With the 5 Best VPNs
Protect Your Online Privacy With the 5 Best VPNs

Investing in a VPN is a smart choice right now, but the options are vast. To help narrow things down a bit, we've rounded up five of our very favorite consumer services.

Review: The Oculus Quest 2 Could Be the Tipping Point for VR Mass Adoption
Review: The Oculus Quest 2 Could Be the Tipping Point for VR Mass Adoption

The Oculus Quest 2 is now available, and it's an improvement over the original in every way that matters. And yet, it's $100 less expensive than the last release. Having spent some time with the Quest 2, I believe we might look back on it as the headset that finally made VR accessible to mainstream consumers.

Review: DJI’s New Mini 2 May Be the Perfect Travel Drone
Review: DJI’s New Mini 2 May Be the Perfect Travel Drone

If you love traveling with your drone but hate lugging around a lot of gear, DJI's Mini 2 may be the perfect solution.

SpaceX Launches ‘Better Than Nothing’ Starlink Beta
SpaceX Launches ‘Better Than Nothing’ Starlink Beta

Those lucky few who have gotten invitations to try the service will have to pay a hefty up-front cost, and the speeds aren't amazing. Still, it's a new generation of satellite internet.