Apple makes it a point with every product announcement to stress security and privacy features. That exact thing happened just a few weeks ago at Apple’s annual developer event, where the company unveiled several new privacy-centric features that other companies might not be able to replicate (because, you know, Android). But iPhone encryption is only as good as your password. If you don’t use one, or if your password can be easily guessed, anyone with physical access to your phone can get into it. Then there are companies out there that specialize in unlocking mobile devices regardless of how strong the password is, companies that have been working with law enforcement agencies to crack devices during investigations. One of them is Israeli firm Cellebrite, which claims that it can now break into any iPhone or iPad running on Apple’s latest iOS release, as well as high-end Android phones.
In a somewhat unusual move, the company announced its capabilities on Twitter while introducing a brand new “exclusive” solution for law enforcement agencies.
UFED Premium allows the company to extract data from all iOS and high-end Android devices, the company said. That means Cellebrite found a weak spot in Apple’s armor that will enable it to crack any password and extract data from iOS devices. Cellebrite doesn’t explain on its website how everything works, and this is probably a costly discovery. But if the company can unlock any iOS or Android phone, it means the latest versions of each operating system are susceptible to attacks:
Bypass or determine locks and perform a full file system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction on many high-end Android devices, to get much more data than what is possible through logical extractions and other conventional means.
Gain access to 3rd party app data, chat conversations, downloaded emails and email attachments, deleted content and more, increase your chances of finding the incriminating evidence and bringing your case to a resolution.
However, to unlock an iPhone or Android device, Cellebrite would need physical access to the phone or tablet in question. The product is explicitly targeting law enforcement agencies that would have in their possessions locked mobile devices they’d need to inspect.
That doesn’t mean Cellebrite can perform any remote breaches into iOS or Android devices, at least not with the help of this particular tool. The company did make the news a few years ago for allegedly unlocking an iPhone that belonged to one of the San Bernardino shooters for the FBI after Apple repeatedly refused requests to create a backdoor into its devices. Cellebrite, however, was not the company the FBI hired.
A different security company called Grayshift has also made the news for having been able to unlock password-protected iPhones with the help of a special GrayKey machine. Apple, however, managed to block that hack. A similar cat and mouse game will probably follow for this new Cellebrite tool.
Both Apple and Google have already announced the next-gen versions of iOS and Android. That’s iOS 13, set for a mid-September launch, and Android 10 Q, which will be released about a month earlier.