Slashdot Mirror

← Back to Stories (view on slashdot.org)

Israel-Based Vendor Cellebrite Can Unlock Every iPhone, including the Current-Gen iPhone X, That's On the Market: Forbes (forbes.com)

Posted by msmash on from the security-woes dept.

Cellebrite, an Israel-based company, knows of ways to unlock every iPhone that's on the market, right up to the iPhone X, Forbes reported on Monday, citing sources. From the report: Cellebrite, a Petah Tikva, Israel-based vendor that's become the U.S. government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11 . That includes the iPhone X, a model that Forbes has learned was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.

The Israeli firm, a subsidiary of Japan's Sun Corporation, hasn't made any major public announcement about its new iOS capabilities. But Forbes was told by sources (who asked to remain anonymous as they weren't authorized to talk on the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe. Indeed, the company's literature for its Advanced Unlocking and Extraction Services offering now notes the company can break the security of "Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11." Separately, a source in the police forensics community told Forbes he'd been told by Cellebrite it could unlock the iPhone 8. He believed the same was most probably true for the iPhone X, as security across both of Apple's newest devices worked in much the same way.

11 of 146 comments (clear)

  1. It's a bit disturbing to me by Anonymous Coward · · Score: 5, Insightful

    Our government works so hard to bypass security protocols for consumer technology. OK, so perhaps I'm naive. But a government what works for it's citizens should not be so focused on breaking into our computers without due process. (thank you Patriot Act).

    1. Re:It's a bit disturbing to me by alvinrod · · Score: 5, Insightful

      A government that worked for its people would be helping companies like Apple, Google, etc. to harden their security systems instead of trying to pry into them. That may make it more difficult for law enforcement to arrest or convict a few people, but it does significantly more to protect citizens from scammers and other threats.

      I'd like to think that if the intelligence agencies devoted their time and effort to helping companies identify security weaknesses and shore them up, we wouldn't be seeing massive data breaches every few months.

    2. Re:It's a bit disturbing to me by viperidaenz · · Score: 3, Insightful

      Your government isn't working hard to bypass iPhone security.

      They just paid a private company to do it for them. Doesn't sound like they have any need to focus on it at all.

    3. Re:It's a bit disturbing to me by dj245 · · Score: 4, Insightful

      Our government works so hard to bypass security protocols for consumer technology. OK, so perhaps I'm naive. But a government what works for it's citizens should not be so focused on breaking into our computers without due process. (thank you Patriot Act).

      Israel's approach to cybersecurity is very different than the USA. Firstly, a majority of citizens must serve in the military for around 2-3 years. The cybersecurity division of their armed forces is quite substantial. Then, many if not most of those trained individuals are turned loose in the private sector. The skills learned in the military are very transferable to private practice, even if the exact vulnerabilities that a servicemember found in the military are classified and can not be used. Is it any surprise that Israel has a comparatively high percentage of cybersecurity companies?

      The US system appears to work mostly in reverse (to an outside observer). The NSA and other agencies find vulnerabilities and then keep them secret. Turnover to and from the private sector isn't as high as the Israeli system. The US military sector does a comparatively worse job training these skills and distributing them to the market, where they may do more good than spying on Angela Merkel.

      --
      Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
    4. Re:It's a bit disturbing to me by Anonymous Coward · · Score: 4, Insightful

      In the real world the gov't protects the gov't. Your lost privacy is their gain.

    5. Re:It's a bit disturbing to me by BronsCon · · Score: 4, Insightful

      Until your friend pranks you and you jokingly text them "I'm gonna kill you for that" in response and they end up dead a day or two later.

      Welcome to a murder 1 charge with pretty damning evidence against you, all because you didn't think privacy was important.

      In fact, it is those very situations that our guarantee of privacy from government snooping absent due process is intended to prevent.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    6. Re:It's a bit disturbing to me by MBGMorden · · Score: 3, Insightful

      Meh - this is fine. They still need due process (eg, a warrant) - this just gives them the technical ability to get into a phone that they have the legal right to do so.

      I'm not at all for building INTENTIONAL backdoors into the software (and whatever hole in the security this company is using to gain access I'd hope Apple soon finds and closes), but if they have their warrant I have no issue with them hacking into the phone if they can figure it out. IMHO it's the same as cutting the lock off of a door to gain entry to a building they've secured a warrant to.

      --
      "People who think they know everything are very annoying to those of us who do."-Mark Twain
    7. Re:It's a bit disturbing to me by StormReaver · · Score: 4, Insightful

      These tools may allow a locked phone to be searched after a search warrant is issued.

      Or, more likely, allow the FBI/NSA to bypass the warrant entirely by saying, "We didn't do it. A private company, not subject to the constraints of warrants, did it. We just happened to stumble upon the results." They're quite fond of Parallel Construction and its bastard children.

  2. On The Bright Side... by TechyImmigrant · · Score: 3, Insightful

    At least there are plenty of us who are working on unbreakable hardware primitives in silicon that will keep these bastards at bay. It's about as nontrivial as it gets and we and many other have been at it for several years. The endpoint is pretty clear though. We will prevail.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  3. Forbes is a total rag these days by kalpol · · Score: 4, Insightful

    No source checking and very little editing of their crowd-sourced articles. I have not seen this claim reported by any legitimate sources.

    --
    12:50 - press return.
    1. Re:Forbes is a total rag these days by msmash · · Score: 5, Insightful

      I agree with your general assessment of Forbes. They do have a contributor program which many people have been abusing for years by writing misleading articles. However, this particular story is written by a full-time staff reporter there. It's his scoop, and many reputed security journalists have shared it on social media, lending it more credibility. (Also, in general, we avoid linking back to Forbes because of its annoying daily quote thingy and stand on adblockers.) Opinion on Forbes is mine and it does not reflect the views of other people on Slashdot's staff.