As Thomas Fox-Brewster reports at Forbes (danger! there’s an irritating anti-ad-blocker interstitial at the end of that link), Israeli security firm Cellebrite claims it can now even unlock iPhones running the very latest version of iOS.
Forbes was told by sources (who asked to remain anonymous as they weren’t authorized to talk on the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe. Indeed, the company’s literature for its Advanced Unlocking and Extraction Services offering now notes the company can break the security of “Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11.”
Sure enough, a January 2018-dated marketing document from Cellebrite, touting its ability to unlock smartphones and extract data from them, appears to confirm the company has found a method to meddle with iOS 11’s security on the latest Apple devices.
Such a technique has ramifications for all users of Apple products. Because if Cellebrite has found a way to do this, the ability could also potentially be found by others – including law enforcement agencies and dodgy authoritarian regimes.
And if they haven’t discovered how to do it… well, they could always pay Cellebrite to do it for them.
The one thing you can be pretty sure about is that Cellebrite is unlikely to have shared details with Apple. After all, Apple would presumably work quickly to secure any vulnerability, protecting hundreds of millions of its users around the world. And that would simply work against Cellebrite’s business model.
Forbes has also uncovered that the US government has used the phone-cracking technology in a criminal investigation, extracting information from a suspected arms trafficker’s iPhone X.
One interesting aside. Bruce Schneier notes the possibility that whatever Cellebrite has up its sleeve against latest iPhones may “only” stop iOS from preventing you from multiple attempts at guessing an owner’s PIN or password:
There’s also a credible rumor that Cellebrite’s mechanisms only defeat the mechanism that limits the number of password attempts. It does not allow engineers to move the encrypted data off the phone and run an offline password cracker. If this is true, then strong passwords are still secure.
If that’s the case then it’s still a security weakness of course, but not quite by itself a skeleton key for the Feds.