The Israeli digital forensics firm Cellebrite claims it now has the ability to unlock almost any phone on the market, including iPhones installed with the latest software said to be of top-notch security, as well as tablets like iPads.
The Petah Tikva-based company, which made international headlines in 2016 for helping US authorities crack the iPhone used by the terrorist who perpetrated the 2015 San Bernardino, California shooting, published a document last month on its website detailing “Unlocking & Extraction Services” for a number of devices. This includes “Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11,” and “Google Android devices, including Samsung Galaxy and Galaxy Note devices; and other popular devices from Alcatel, Google Nexus, HTC, Huawei, LG, Motorola, ZTE, and more.” The discovery was first reported by Forbes.
“Cellebrite Advanced Unlocking Services is the industry’s only solution for overcoming many types of complex locks on market-leading devices. This can determine or disable the PIN, pattern, password screen locks or passcodes on the latest Apple iOS and Google Android devices,” the company writes in the document.
Cellebrite did not make major announcements as to its alleged breakthrough capabilities, but Forbes reported that two sources said the company has been advertising them to law enforcement agencies and “private forensics folk” across the world.
Forensics specialists, Cellebrite writes, can launch a request to unlock a device after which it is delivered to a “Cellebrite Forensic Labs where trained specialists perform the unlocking and/or extraction service using carefully controlled techniques that ensure the forensic integrity of the data.
Devices are usually processed and returned within 10 business days to its “originating agency,” according to Cellebrite. Forbes reports that such a service can be quite cost-effective, with a price tag of “as little as $1,500 per unlock.” Given that exposing a single iPhone vulnerability comes with a prize of $1 million, that is cheap.
“I’d be zero-percent surprised if Cellebrite had a zero-day [exploit] that allowed them to unlock iPhones with physical access,” Patrick Wardle, chief research officer at Digita Security, told Threatpost, a cybersecurity news site, in reference to a vulnerability that is previously unknown and therefore can be exploited immediately, allowing little or no time to counter-act.
“These guys clearly have the skills, and there is also a huge financial motivation to find such bugs,” he added.
In its report, Forbes said that an iPhone X belonging to an alleged arms trafficker “was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology,” according to a warrant obtained by the magazine. The warrant did not detail what information was gleaned from the device but did mention that the specialist who obtained the information “received specific training in cellular extraction through Cellebrite.”
Security experts say Cellebrite’s capabilities, and those of other similar companies, pose privacy concerns for Apple and other customers and raise a number of issues related to civil rights and due process. They also prompt questions on the links between tech firms and government and law agencies on matters of data privacy and access.
Adam Schwartz, an attorney with Electronic Frontier Foundation told Forbes that “…the government really needs to get a warrant before it searches our phones. It’s all the more true when we see the ever-expanding power of governments to get into those phones.”
Sign up for our free weekly newsletterSubscribe
“Cellebrite’s techniques clearly pose privacy concerns for Apple customers, but there are also underlying issues around the private forensics contractors doing business with them,” David Pearson, Principal Threat Researcher at Awake Security, told ThreatPost.
Apple’s iOS 11 became available for download in September 2017, which the company advertised as a “major leap forward in security for mobile devices.” Apple has called for customers to upgrade their software and told Threatpost in a comment that its “most recent iteration of iOS (11.2.6) ensures customers have the latest protections.”
Apple has been adding layers of security to its devices with each new release, culminating in the standoff in 2015-2016 with the FBI, whose agents wanted the tech giant to help unlock the iPhone 5C of Syed Rizwan Farook, who along with his wife Tashfeen Malik, gunned down 14 people in San Bernardino and injured 22. Apple had refused to unlock the iPhone, citing privacy concerns, a move that prompted extensive public debate on whether the government should gain access to the personal information of its citizens (Farook was an American citizen).
Cellebrite then stepped in to unlock the phone, which authorities believed contained information important for their investigation into the shooting.
Cellebrite’s technology has garnered interest from government agencies across the world. Last summer, Australia’s Immigration Department and the Great Barrier Reef Marine Park Authority were just two of the latest agencies to confirm that they had bought the Israeli company’s phone-hacking technology.
The company provides a number of digital intelligence services to forensic specialists in the law enforcement, military, intelligence, and corporate security fields in more than 100 countries.
Last year, it rolled out a device plug-in meant to reveal whether drivers were on their phones at the times of collisions and accidents, which also raised privacy concerns. Dubbed the “breathalyzer for texting,” or “textalyzer,” Cellebrite said the plug-in can detect the data without necessarily retrieving specific content. Law enforcement agencies in the US were seeking the device and the technology, which would force drivers to submit to the test to determine whether they were distracted by their phones. This information usually requires a warrant to obtain, a process which can take weeks, sometimes months.
The device generated controversy and has been met with resistance by privacy advocates, who argue that it is too intrusive and can lead to privacy violations as police officers would be exposed to sensitive personal data such as text messages, contacts, and call logs – even when deleted.
Cellebrite, founded in 1999, is headquartered in Petah Tikva and operates five additional offices around the world, with a total of 500 employees. In 2007, Cellebrite was acquired by Japanese manufacturing giant Sun Corp. for $17.5 million and has since been its wholly owned subsidiary.