Cellebrite, an Israeli company known for hacking into iPhones for governments, has made a startling claim: that it can now unlock any model of iPhone. This month it told customers that its engineers have found a way to bypass iOS 11 security (via Forbes).
iPhone Hacking
According to Forbes, an iPhone X was successfully broken into for data by the Department of Homeland Security back in November, and it’s most likely that Cellebrite technology was used.
In order for law enforcement to access iPhone data, they have to send the device to Cellebrite. In its lab, the company uses its technology to crack the passcode. Then it either sends the phone back to law enforcement or extracts the data itself.
Don Vilfer, a partner at private forensics firm VAND Group, says it’s unlikely that Cellebrite will put its latest tech into the software it sells, because then Apple could acquire it and potentially figure out how the tool works.
The ability to unlock any iPhone model is significant, and the cost of unlocking an iPhone can be pretty cheap, around US$1,500 per device. Compare that to the million-dollar price tag that a single iPhone vulnerability is worth. If Apple decides to tighten iPhone security, we could either see it this summer at WWDC, or perhaps further into the future.
Scary, except it may not be as easy as reported. It seems, at least according to this article over at Ars, that this is simply a way to use brute force by disabling or bypassing the counter that erases the device after ten attempts. If you use a complex passcode, it may be impossible to crack even by brute force.
https://arstechnica.com/information-technology/2018/02/cellebrite-can-unlock-any-iphone-for-some-values-of-any/
This is quite significant. Cellebrite lives on their reputation. They wouldn’t say this sort of thing if they couldn’t do it. So it is likely to be true, at least on some level.
So what’s Apple to do? Cellebrite, as you said, will not voluntarily tell Apple how they did it. Hire a private security company. Have them take a phone to Cellebrite saying it’s part of a divorce case or some such cover story, and pay them to unlock it. Then Apple goes through the iPhone for information as to how they did it.
Yes, this is very worrisome, because it is only a matter of time before word gets out how to do this. Apple needs to be one step ahead.