Israel-Based Vendor Cellebrite Can Unlock Every iPhone, including the Current-Gen iPhone X, That's On the Market: Forbes (forbes.com) 146
Cellebrite, an Israel-based company, knows of ways to unlock every iPhone that's on the market, right up to the iPhone X, Forbes reported on Monday, citing sources. From the report: Cellebrite, a Petah Tikva, Israel-based vendor that's become the U.S. government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11 . That includes the iPhone X, a model that Forbes has learned was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.
The Israeli firm, a subsidiary of Japan's Sun Corporation, hasn't made any major public announcement about its new iOS capabilities. But Forbes was told by sources (who asked to remain anonymous as they weren't authorized to talk on the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe. Indeed, the company's literature for its Advanced Unlocking and Extraction Services offering now notes the company can break the security of "Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11." Separately, a source in the police forensics community told Forbes he'd been told by Cellebrite it could unlock the iPhone 8. He believed the same was most probably true for the iPhone X, as security across both of Apple's newest devices worked in much the same way.
The Israeli firm, a subsidiary of Japan's Sun Corporation, hasn't made any major public announcement about its new iOS capabilities. But Forbes was told by sources (who asked to remain anonymous as they weren't authorized to talk on the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe. Indeed, the company's literature for its Advanced Unlocking and Extraction Services offering now notes the company can break the security of "Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11." Separately, a source in the police forensics community told Forbes he'd been told by Cellebrite it could unlock the iPhone 8. He believed the same was most probably true for the iPhone X, as security across both of Apple's newest devices worked in much the same way.
Re: So they have an inside man at Apple (Score:1)
Telling them how the backdoor works.
Yes, Apple has a backdoor. They all do.
This is modded Flamebate?
Wow, Mossad has backdoors in Slashdot as well.
Good to know.
Re: So they have an inside man at Apple (Score:2, Troll)
It's a bit disturbing to me (Score:5, Insightful)
Re:It's a bit disturbing to me (Score:5, Insightful)
I'd like to think that if the intelligence agencies devoted their time and effort to helping companies identify security weaknesses and shore them up, we wouldn't be seeing massive data breaches every few months.
They're really not that good. Private company (Score:4, Interesting)
>. I'd like to think that if the intelligence agencies devoted their time and effort to helping companies identify security weaknesses and shore them up, we wouldn't be seeing massive data breaches every few months.
That sounds nice, but it really wouldn't matter. Note "the intelligence agencies" can't hack iPhones, it's a private company that can. The people a the intelligence agencies really aren't that smart. It's nothing AT ALL like the movies. It's people who got a certificate in cyber security but couldn't get a job in the private sector, which pays better (but expects you to know wtf you're doing). You think Google wastes a lot of time talking about PC bullshit? You should see government! Government doesn't hire the best people. They hire the "disadvantaged" people.
Many, many private companies are in the business of "helping companies identify security weaknesses and shore them up". Heck you can get services from companies like Alert Logic for tens of dollars per month; does your company have static analysis and daily scans?
Re: (Score:2)
Paradox alert!
Re: (Score:2)
Re: (Score:2)
It stops making sense when you realize that you need a 40k security clearance for a good chunk of the entry level IT jobs.
Where do you find an entry level worker with a 40k clearance? Fresh out of the military.
Now you're talking bout a guy who got A+/Net+ certified 3 years ago and was lucky if he was making even the most petty of decisions on his own the last year before he got out.
The only military IT people who impress me are comms guys.
Re: (Score:2)
Re: (Score:2)
I didn't work IT in the military but I watched those who did struggle with some rather laughable textbook-question problems and come up with even sillier solutions. I won't be specific because it could reveal a lot about my identity but these are interview-starter question level problems that any given candidate should be able to answer 3/4ths of... and it wasn't like we had just one guy running IT so between the lot of them they were um less than one good IT generalist if you added them all up.
This was ag
Re: (Score:2)
Re: (Score:2)
It's good at organizing massive rescue efforts. Since the US Armed Forces are expected to go anywhere and kill people, there's a large logistical tail that can go anywhere, and that can be used for other purposes.
Re: (Score:2)
Riiiight.
Because good computer people wanna make a fraction of the pay, take drug tests and answer quizzes about their finances, drug history, and sex life.
Re: (Score:2)
Well, this wasn't a federal job, but I took a government job right out of college (state civil service) because I plain *HATE* the idea of job hopping. Now this *was* a few decades ago, and the group I used to work for is not a place that I wouldn't have wanted to work, but I was rather happy with my job, and they let me refuse to go into management. (I think I was an excellent programmer, but I would have been really incompetent as a manager. They did keep pushing me towards management, but they also co
Re: (Score:2)
Nah I totally feel that. There are some great career positions in the govt if you can find them. Come in, say hi, do your job, go home, and eventually retire.
For some reason IT hiring seems to be a challenge for most companies but the government in particular struggles with it and presents a face that turns off the exact sort of applicants they should be trying to get in the case of infosec.
When it comes to getting "the best of the best of the best!!!" our federal government starts by filtering out all th
Re: (Score:2)
Well I was never "the best of the best", and I certainly wasn't into infosec. But I think I was pretty good, and at least a couple of times I did things that people had thought were impossible. And I kept at least one public facing system from using social security numbers as a unique identifier.
Re: They're really not that good. Private company (Score:2)
Note "the intelligence agencies" can't hack iPhones
Only a fool would believe that.
Re: (Score:3)
Re: (Score:2)
You've extrapolated 2 steps too far (Score:2)
Kaspersky suggested that NSA may have, at one time, used code which was also used by authors of Stuxnet. We also know they purchased much of the code they used. That's quite far from "the authors of Sticker were NSA employees". There is no evidence that the developers were NSA employees. Indeed the fact that similar code is also found in incidents for which NSA has no motive strongly suggests that NSA is but one of the clients/friends of the authors.
> how can you claim that you could even begin to know
Re: (Score:2)
Fun fact:
The government won't pay more because it's unfathomable that low level engineers should make more than the director of national intelligence.
The top people in our government can't grok why a low level employee with rare skills might make more than a guy who takes a job that has a pipeline of 100s of potential applicants all gunning for a seat. We have the best and brightest at the helm!
You got one part right (Score:2)
You got this part right:
> the budget for a datacenter with bazillaflops of GPUs, a petabyte of database dumps
> Typical blackhats have to work with their own deficiencies or form teams. They don't have a ton of say about the kinds of skills that they acquire for their teams. They don't have a lot of ability to do QA on each other's work
Red Dawn was a movie. When Albert Gonzalez (one of the Shadow Crew members) was arrested, the FBI seized $1.6 million in cash he had laying around at that particular hou
Re: (Score:2)
They hire the "disadvantaged" people.
Having worked with some of the governments "security experts", I can confidently confirm this.
Re:It's a bit disturbing to me (Score:5, Interesting)
I'd like to think that if the intelligence agencies devoted their time and effort to helping companies identify security weaknesses and shore them up, we wouldn't be seeing massive data breaches every few months.
You would like to think that but lets make no bones about it. The intelligence and LEA agencies are here for one purpose only. Keeping those in power, in power. Doesn't matter if they deserve it or not. They may operate under the guise of "protecting the country" but when it comes right down to it, its the same thing as keep those in power in power.
Re: (Score:3)
And now they've conned gullible liberals into taking away your guns so you can't fix it like you were supposed to.
Re: (Score:1)
And now they've conned gullible liberals into taking away your guns so you can't fix it like you were supposed to.
Perhaps you don't live in the US, but there hasn't been any attempt to remove guns from anyone. You didn't happen to post this from Russia, did you?
Re: (Score:2)
You don't read the news much, do you?
Re: (Score:2)
Apart from the first sentence, I agree with everything you just said.
Re: (Score:2)
I'd like to think that if the intelligence agencies devoted their time and effort to helping companies identify security weaknesses and shore them up,...
You would like to think that but lets make no bones about it. The intelligence and LEA agencies are here for one purpose only.
Gathering intelligence. That is literally their job.
You might think it would be nice if some agency spend taxpayer $ all day helping software vendors to harden their OS's, and you may even be right. But no such agency exists today, and if Congress were to create one, it would most likely be a separate agency.
Re: (Score:2)
The problem is "why he joined" and "what he's working for five years later" can be rather extremely different...and he may not even realize it after 5 years of being socialized to a particular viewpoint. All too often it morphs into "supporting my comrades in whatever they do". During the 1960's thinking that was "being paranoid", but since then lots of new evidence has come out, to the point where people supporting the normal police policies are reduced to finding exceptional cases to point out. And thi
Re: (Score:2)
Finish the quote:
Suppose we have a "good cop" who refuses to cross the blue line and stop a fellow officer from abusing a suspect in custody, for example, beating a person in handcuffs laying on the floor who offers no resistance. Clearly the officer abusing authority by beating a prone suspect is a bad cop. However, the good cop is now bad too, for failing to stand up for basic human rights. The bad apple spoiled at lea
AC pretends not to understand. (Score:2)
Why would you pretend like you don't know what he's talking about?
Completely different sort of LEO and it's no like there aren't a bunch of town cops who have set up little fiefdoms with a few of the other local power players. Maybe not your friend but there is zero chance that your understanding is actually this bad.
Re: (Score:2)
Re:It's a bit disturbing to me (Score:4, Insightful)
In the real world the gov't protects the gov't. Your lost privacy is their gain.
Re:It's a bit disturbing to me (Score:5, Insightful)
Welcome to a murder 1 charge with pretty damning evidence against you, all because you didn't think privacy was important.
In fact, it is those very situations that our guarantee of privacy from government snooping absent due process is intended to prevent.
Re: (Score:3)
Until your friend pranks you and you jokingly text them "I'm gonna kill you for that" in response and they end up dead a day or two later.
Make a joke about an FBI "secret society" and there'll be hell to pay.
Re: (Score:2)
You mean the FBI isn't a secret society? Crap. They tricked me again. Now what am I going to do with a thousand gallons of goats' blood?
Re: (Score:2)
Cut it with kale and fish sauce and tell people it's Clamato. Or you could get charitable and open a free clinic for goats in need of transfusions.
Re: (Score:2)
-- Filter error: You can type more than that for your comment.
(Ahem that's like trollface.png except with less aliasing and a record deal.)
Re: (Score:2)
IIRC that $500 hammer was because the government wanted them to go through authorized channels and fill out a ream of paperwork rather than just going down to the hardware store. For a gross of hammers, that's not too unreasonable, for one hammer, though.... well, the company didn't want to jump through hoops, but the government insisted, so they set a discouraging price...but the government wasn't discouraged.
Re: (Score:2)
The government also has different requirements than most people. For example, a $600 coffee maker in an aircraft was designed to not be a hazard under enemy attack. Since this is a very small market niche, the coffee makers cost more than they would have in a larger market. Military tools may be designed to work in environments where other tools would break or be unusable.
Re: (Score:1)
Re:It's a bit disturbing to me (Score:4, Insightful)
Your government isn't working hard to bypass iPhone security.
They just paid a private company to do it for them. Doesn't sound like they have any need to focus on it at all.
Re: (Score:2)
There currently doesn't exist a way to get into many locked phones WITH due process.
These tools may allow a locked phone to be searched after a search warrant is issued.
Re:It's a bit disturbing to me (Score:5, Insightful)
These tools may allow a locked phone to be searched after a search warrant is issued.
Or, more likely, allow the FBI/NSA to bypass the warrant entirely by saying, "We didn't do it. A private company, not subject to the constraints of warrants, did it. We just happened to stumble upon the results." They're quite fond of Parallel Construction and its bastard children.
Re: (Score:2)
...that company would likely find itself sued. Quick history: What enabled Ralph Nader to found his first consumer organization was his invasion of privacy lawsuit after GM got caught tapping his phones.
There's a REASON all those telecom companies insist on getting warrants before turning over personal info, and it isn't because they are all good citizens.
Re: (Score:2)
"Yes, Your Honor, the iPhone accidentally found itself in a shipment to Israel, and somebody, not us, must have paid the company, because imagine our surprise when we found...." To use for that purpose, the LEOs would have to have some sort of method to just take a phone and crack it, not send it to an Israeli company.
Parallel construction is used when they can covertly get information by illegitimate means. This isn't covert.
Does Anyone Else (Score:1)
Find it weird that we have seemingly outsourced civil rights and due process to a private company? And more weird that, as a profit-oriented organization, there is some actual protection there?
Since when did our governments decide their populations were "risk factors" and citizens desire for privacy were "non-actionable concerns"?
Yeah, I know the story. Just commenting on what a crappy place we are in.
Re: (Score:1)
Since,... THE BEGINNING. The idea is that THEY control US. If we know what's going on we have the potential to affect outcomes and seize control. This changes the THEM/US dynamic. Bad.
Re: (Score:2)
We haven't outsourced civil rights. LEOs would have to send the phones to the company, and that's going to be pretty obvious if done without a warrant.
Re:It's a bit disturbing to me (Score:5, Insightful)
Our government works so hard to bypass security protocols for consumer technology. OK, so perhaps I'm naive. But a government what works for it's citizens should not be so focused on breaking into our computers without due process. (thank you Patriot Act).
Israel's approach to cybersecurity is very different than the USA. Firstly, a majority of citizens must serve in the military for around 2-3 years. The cybersecurity division of their armed forces is quite substantial. Then, many if not most of those trained individuals are turned loose in the private sector. The skills learned in the military are very transferable to private practice, even if the exact vulnerabilities that a servicemember found in the military are classified and can not be used. Is it any surprise that Israel has a comparatively high percentage of cybersecurity companies?
The US system appears to work mostly in reverse (to an outside observer). The NSA and other agencies find vulnerabilities and then keep them secret. Turnover to and from the private sector isn't as high as the Israeli system. The US military sector does a comparatively worse job training these skills and distributing them to the market, where they may do more good than spying on Angela Merkel.
Re: (Score:2)
The government needs to attack iPhones owned by foreign powers. It would be nice if the technology could be restricted to avoid use on citizens, but that's just not possible, except via regulations.
Look, we trust the government with: men with M-16's, fighter jets, and nukes. We have to to avoid getting conquered by China/Russia/Canada. Information warfare weapons are no less important
Re: (Score:2)
Re: (Score:2)
In fairness, all the Candians I've met are too polite to mention burning it down the first time.
Re:It's a bit disturbing to me (Score:4, Insightful)
Meh - this is fine. They still need due process (eg, a warrant) - this just gives them the technical ability to get into a phone that they have the legal right to do so.
I'm not at all for building INTENTIONAL backdoors into the software (and whatever hole in the security this company is using to gain access I'd hope Apple soon finds and closes), but if they have their warrant I have no issue with them hacking into the phone if they can figure it out. IMHO it's the same as cutting the lock off of a door to gain entry to a building they've secured a warrant to.
On The Bright Side... (Score:4, Insightful)
At least there are plenty of us who are working on unbreakable hardware primitives in silicon that will keep these bastards at bay. It's about as nontrivial as it gets and we and many other have been at it for several years. The endpoint is pretty clear though. We will prevail.
Re: (Score:2)
I thought the newer iPhones were supposed to have hardware-based encryption and security.
Re: (Score:1)
They do. And as every device till now they are susceptible to an attack where the password is brute-forced while the in-silicon failed login counter is restored (likely with the whole memory content, since it's all indeed encrypted).
To defend against such a vector one would need to ensure that external writes or reads are either not possible, or alter the state. Or very slow and expensive, which might be good enough. I am absolutely sure the solution involves some very clever electrical engineering at the v
Re: (Score:2)
> I am absolutely sure the solution involves some very clever electrical engineering at the very edge of the state of the art in IC design.
Yep. You're right on the ball there. that's what I meant by primitives. Circuits that raise the security bar beyond the government actor level.
Re: (Score:2)
I thought the newer iPhones were supposed to have hardware-based encryption and security.
Not all hardware security circuits are immune to attack though. Especially lid-off attacks where the chip is disassembled, probed and reverse engineered. There are defenses against those attacks but it take a lot of work to perfect those defenses.
Re: (Score:2)
lid-off attacks where the chip is disassembled
This is the case where I've done something Really Bad and they've recovered my phone from my dead body. And since I'm not a complete moron, it's unlikely that I'd use my phone while doing Evil anyway.
If they sneak in and lift my phone from the gym locker, all I have to worry about is stuff that they can put back as it was before I'm done on the treadmill.
Re: (Score:2)
lid-off attacks where the chip is disassembled
This is the case where I've done something Really Bad and they've recovered my phone from my dead body. And since I'm not a complete moron, it's unlikely that I'd use my phone while doing Evil anyway.
If they sneak in and lift my phone from the gym locker, all I have to worry about is stuff that they can put back as it was before I'm done on the treadmill.
Criminals will be criminals and they often aren't smart enough to leave the phone at home. However plenty of governments are evil and tech companies have insider attacks. So the need to protect information remains real.
Re: (Score:2)
They do. There's no such thing as perfect security. There's got to be flaws somewhere.
What the Secure Enclave mostly does is ensure that the PIN/password can't be brute-forced, and keep the AES-256 key where it can't normally be extracted. This is a massive improvement over the 5C or earlier, but it seems unlikely to me that there's no point of attack. If you're not worried about putting anything back, you can try to figure out things at the hardware level. It won't be easy, and I don't know how pra
Re: (Score:1)
At least there are plenty of us who are working on unbreakable hardware primitives in silicon that will keep these bastards at bay. It's about as nontrivial as it gets and we and many other have been at it for several years. The endpoint is pretty clear though. We will prevail.
Ha ha ha ah ahah ha. Your work aside, take a pill for that paranoia.
Re: (Score:2)
I imagine any sufficiently motivated entity can completely disassemble the silicon while recording the state, and rebuild it as needed to brute force it. I assume there's some secrecy if you're trying to race to a solution, but I assume there's something you can say on what's going to stop them from salami slicing, observing and salami slicing again?
Re: (Score:2)
You need to work with the assumption that that can happen and make it not matter.
Pinhead visits the DHS... (Score:2)
"We have such data to show you."
Forbes is a total rag these days (Score:5, Insightful)
Re:Forbes is a total rag these days (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2, Interesting)
Normally I'd agree with you over msmash, but not after having gone through Israeli security at one of the smaller regional airports (SDV). I've seen/had them use the tools on me. I had an Indonesian visa in my passport among others, and a very old photo with long hair. I guess I set off some red flags.
At security they confiscated my iPhone 6, which had the boarding pass pulled up in my email app. When I got it back it was the last email I sent to my father. For whatever reason they couldn't also use the
Re: Forbes is a total rag these days (Score:2)
Multi million dollar stolen phone market (Score:2)
Re: (Score:3)
This company has ways to get at the data stored on the phone, not to remove the iCloud lock and reactivate. Activating an iPhone goes through Apple, so there's really no way around this.
Those little sneakers (Score:2)
Re: (Score:2)
Re: (Score:3)
Don't confuse the Jewish people with the corrupt government and intelligence apparatus of Israel. There is a reason Netanyahu has been referred for criminal prosecution.
Re: (Score:1)
The snopes article saying that the plane being brought down for the PURPOSE of one person taking over a patent it false, not the patent and idea itself, which Nicknameunavailable is talking about.
Also, Snopes isn't exactly a...trusted....source site. Let alone one I would trust when it comes to thoughts / ideas that span beyond the 'box' of thinking.
Re: (Score:1)
Re: (Score:1)
Definitely.
I laughed pretty hard when I saw the 'debunk' link pointing to snopes. I even clicked it to see what they had to say. Unfortunately, he linked to an article that had nothing to even do with what you mentioned. But then again, that's how snopes operates -- They take something then 'debunk' something completely unrelated to the original intent and call the entire thing 'false' because they sprinkled a very small part of the original intent in to the fake intent.
Millions of people fall for this. Wis
Re: (Score:1)