Cellebrite Says It Can Unlock Any iPhone For Cops (wired.com) 132
An anonymous reader quotes a report from Wired: On Friday afternoon, the Israeli forensics firm and law enforcement contractor Cellebrite publicly announced a new version of its product known as a Universal Forensic Extraction Device or UFED, one that it's calling UFED Premium. In marketing that update, it says that the tool can now unlock any iOS device cops can lay their hands on, including those running iOS 12.3, released just a month ago. Cellebrite claims UFED Premium can extract files from many recent Android phones as well, including the Samsung Galaxy S9. No other law enforcement contractor has made such broad claims about a single product, at least not publicly. The move signals not only another step in the cat and mouse game between smartphone makers and the government-sponsored firms that seek to defeat their security, but also a more unabashedly public phase of that security face-off. "Cellebrite is proud to introduce #UFED Premium! An exclusive solution for law enforcement to unlock and extract data from all iOS and high-end Android devices," the company wrote on its Twitter feed for the UFED product. On a linked web page, the company says the new tool can pull forensic data off any iOS device dating back to iOS 7, and Android devices not just from Samsung but Huawei, LG, and Xiaomi.
Security by Obscurity (Score:5, Funny)
"the company says the new tool can pull forensic data off any iOS device dating back to iOS 7..."
Dammit, I know I left that iOS 6 installer around here somewhere...
Fix the bugs (Score:1)
If Cellebrite can get the data, so can identity thieves.
Hold the cell phone companies responsible for identity theft, and they'll fix the bugs that Cellebrite is exploiting... yesterday.
Re: Fix the bugs (Score:2)
In this case, the manufacturer is Foxconn. What do you think theyâ(TM)re supposed to do about it?
Re: (Score:1)
They would not be allowed in the Chinese market if they hadn't given the government access.
Re: (Score:2, Interesting)
Naa
Yeah.
Apple bent over for China to get access to the massive Chinese market. That is the only way market access is permitted by China.
You can't single out Apple though: many other companies are doing exactly the same thing.
Re: More like manufacturer-sponsored (Score:1)
You don't need to single out Apple. They seem to insist the 'secret sauce' that makes their phones and gadgets special is that they are impenetrable. Clearly they are not, or China would not allow them. So all the spinning whizwang, the 'secure enclave' or whatever marketing bullshit phrase they use at present, is meaningless. They are no more secure than any othe communication device.
The specific point is that there is no singling out of Apple. There's nothing really special there. The bullshit evaporates
Re: (Score:2)
Once the gov got interested.
I see (Score:5, Interesting)
So the next iPhone will not only have no headphone jack but also no jack to stick a loading cable in.
Re: (Score:2)
Re: (Score:2)
So the next iPhone will not only have no headphone jack but also no jack to stick a loading cable in.
The one after that wont even have a screen... and you'll still buy it for £1000
Re: (Score:2)
So the next iPhone will not only have no headphone jack but also no jack to stick a loading cable in.
The one after that wont even have a screen... and you'll still buy it for £1000
The NoPhone [thenophone.com]
Re: (Score:2)
You remove one attack vector, but necessitate adding another. Is WiFi/BT that much more secure that USB? Asking for a friend.
Double standard (Score:5, Insightful)
If it is illegal for you or I to hack into someone's iPhone, then why is it perfectly legal for a foreign company to sell software which does the same thing? Companies need to be held at least to the same standards as individuals. This is wrong, not to mention an abuse of power by the police.
Re: (Score:1)
Oh, yeah, "abuse of power of the police" because they can access something you've made. Yeah, totally agree. Just the same when they get a notebook or a paper document you've written... privacy, yeah, totally agree.
Don't you see (or endorse at least) that when a Judge orders you have no privacy at all?
If you don't like a law that might affect you in some scenarios, protest to change that law.
Protesting just because you have not the slightest clue about how freedom enforcement works is not an option: it's si
Re:Double standard (Score:5, Insightful)
Re: (Score:2)
It's illegal for you to bust down my door, yet companies are allowed to sell battering rams to the police. This is the same thing... and I am ok with that. The police should be able to search files on your computer or phone just like they can search your house. After a properly issued search warrant, that is. Anything short of that should not be ok, none of this crap where they pull your files at the border of have a little peek when they pull you over, not even when they arrest you for something. Searching personal digital files should be on the same level as searching a house, requiring a warrant. And since such searches - unlike a physical search - can be conducted quite covertly, access to and use of equipment such as sold by Cellebrite should be strictly controlled, documented and audited.
The issue in the US is one of self incremination; i.e. being forced to enter or provide a password to unlock the device for police even with a warrant. Unless they know what specific information they are looking for, as with any warrant, merely compelling you to hand over your password amounts to them starting a fishing expidtiion and that should be prohibited, IMHO. A physical warrant speels out what specific itms related to the investigation they are seeking; they can't just say "unlock your doors and giv
Re: (Score:2)
Unless they know what specific information they are looking for, as with any warrant,
Let me stop you right there. At the point where the warrant is issued the police need to prove to the judge reasonable suspicion that your device contains specific evidence they are looking for, so when the warrant is in hand you're beyond this point already.
If you have problems with poor standards of judges then by all means complain about that, but by complaining about the wrong part of your due process you don't end up having a very good case.
Re: (Score:2)
Unless they know what specific information they are looking for, as with any warrant,
Let me stop you right there. At the point where the warrant is issued the police need to prove to the judge reasonable suspicion that your device contains specific evidence they are looking for, so when the warrant is in hand you're beyond this point already.
If you have problems with poor standards of judges then by all means complain about that, but by complaining about the wrong part of your due process you don't end up having a very good case.
Reasonable suspicion != beyond reasonable doubt.
The bar for a warrant is, very intentionally, much lower than the one to convict. Yeah, you're in trouble if they get a warrant ... they obviously think something is up. Doesn't mean they have the evidence for a conviction though...and (well, in idealistic theory) they'd need to prove a case and should have access to the evidence that exists. Guilty should be found guilty just as the innocent should go free.
Re: (Score:2)
When was the last time you locked someone up in handcuffs against their will, ticketed them for a traffic offence, drove a car with flashing blue lights and sirens, pulled people over, forcibly stopped them in the street, took them to the floor, used a truncheon / taser, pointed a gun at them, etc.?
Police have rights that you do not. For fecking obvious reasons.
Re: (Score:2)
This is actually how it's *supposed* to work.
If the police get ahold of your safe and have a warrant to see what's inside; they don't get to force you to tell them the combination. And they *definitely* don't get to force the manufacturer to change the design to give them a backdoor. They don't get to force anyone to do anything. They hire a locksmith who wants to do the job.
The same needs to be true everywhere, including iPhones, hard drives, etc. Though, encouraging a foreign agent to compromise US se
Re: (Score:2)
If it is illegal for you or I to hack into someone's iPhone, then why is it perfectly legal for a foreign company to sell software which does the same thing? Companies need to be held at least to the same standards as individuals. This is wrong, not to mention an abuse of power by the police.
Oh come on. It's perfectly legal to sell something that can be used illegally as long as you don't sell it with that intent: Drugs, guns, iPhone hacking tools, etc.
I'm not against them gaining access after a (reasonably issued) search warrant is in-hand. However, giving cops the ability to unlock any phone they get their hands on and letting them ignore all the laws around search and seizure? Oh hell no. Unfortunately, reality is very much going this way and encryption is providing a method to fight ba
Re: (Score:2)
The problem is that the definition of "criminal" can vary widely in different jurisdictions. Or do you think its OK for the secret police organization of some oppressive regime to be able to use a device like this (or a clone produced via stolen or reverse-engineered information) to get data that will allow them to lock up (or execute) people for daring to do things that people in free countries like the USA or Australia take for granted?
Re:Double standard (Score:5, Insightful)
Give us your SSN, Bank Account info, DOB, Zip code, and your medical records. What do you have to hide?
It's not about hiding your "private" information because you have done wrong. It's ALSO about hiding your "private" information so that it is more difficult to do wrong to you by bad actors. Government is often the largest bad actor in everyone lives. They just accept that because fear of not having government is worse for them. But lets avoid getting into the man false dichotomies that sort of talk elicits from the morons like you.
Privacy from both government and fellow citizens is an important component to liberty. Destroying it just makes you less free.
Re: (Score:1)
123456789
01/01/0101
12345-6789
i'm not a human
Re: Double standard (Score:1)
Government already has my ss#, dob, address etc.
Re: (Score:2)
Give us your SSN, Bank Account info, DOB, Zip code, and your medical records. What do you have to hide?
Fuck these Terminators are getting worse... The last one just asked for my clothes, boots and motorcycle.
Trivially easy if you're the state. (Score:1)
Get a copy of the root certificate. If necessary by force. Boom, all security just vanished, and you have root access due to Apple necessarily having root access. This true for any OS/driver maker.
Re: (Score:2)
Assuming they don't have any way to update the device while it's locked, that doesn't help you with locked phones.
Rules of evidence (Score:5, Interesting)
Not sure if it applies to this case, but if someone force-unlocks a phone through some sort of hack, don't they have to reveal what they did to the phone for anything to be admissible in court? Something about chain of custody...
Re: (Score:1)
Not sure if it applies to this case, but if someone force-unlocks a phone through some sort of hack, don't they have to reveal what they did to the phone for anything to be admissible in court? Something about chain of custody...
Chain starts when cops take phone -> cops authorize Cellebrite to work on phone ( everyone that touches at Celebrite must sign that they have touched it) -> Cellebrite returns phone and data ( cops sign for it) .. chain never broken.
Details (Score:5, Interesting)
Right, but what did Cellebrite *do* to the phone? I'm pretty sure when they are being cross examined, the defense can ask *exactly* what they did to the phone.
Think of it this way:
Defense: "What did you do to get into the phone."
Cellebrite: "We have a proprietary procedure."
Defense: "Did you put any code on the phone?"
Cellebrite: "That's proprietary"
Defense: "Did you put data on the phone?"
Cellebrite: "That's proprietary"
Defense: "How do we know you didn't put any evidence on the phone, then?"
Cellebrite: "That's not part of our procedure..."
Defense: "What is your procedure?"
Cellebrite: "We won't tell you."
At that point, the judge will probably toss the evidence, as they have done with cell phone snooping evidence, red light camera evidence, etc...
Re: (Score:2)
It doesn't mean celebrities procedure is not already well understood. It's just proprietary in details to them.
And therefore produces suspect "evidence".
Re: (Score:1)
Re: (Score:3)
Often they don't need to enter the evidence from the phone itself. They can just use information found on it, such as account passwords and text messages, to go and gather other evidence.
Re: (Score:3)
You're describing what's called fruit of the poisonous tree [wikipedia.org]. In general it's not admissible in court in the US. That's why we invented parallel construction! [wikipedia.org]
Re: (Score:2)
I think I'm describing parallel construction. They can't use the evidence on the phone, so they just don't mention that they hacked it and use your iCloud password to look at your photos that way, for example.
Methods (Score:5, Interesting)
When DNA experts testify on DNA evidence, the defense will sometimes have them explain, step by step, the entire DNA sequencing procedure. They are required to do so under the rules of evidence. *Every* step and why. It takes days.
When a similar issue came up with evidence from a red light camera, the tech from the company refused to say how their algorithms worked, and the evidence was not allowed in. The police will refrain from submitting evidence obtained by Stingray devices because they don't want to explain how the things work in court.
Parallel Construction (Score:2)
More Rules (Score:2)
I know that works for getting around invalid search warrants or other procedural problems with rules of admission, but I think the rules of evidence still apply. IE if an officer checks an item out of the evidence locker, but won't testify as to what exactly they did with that evidence, even with parallel construction that evidence would be tossed.
Re: More Rules (Score:3)
I think you are missing whatâ(TM)s being said.
They wonâ(TM)t submit the evidence gotten from the stingray (or in this case the phone). They will instead use what they know from the phone to go find new evidence that they didnâ(TM)t know existed, and submit that evidence under false pretext.
Hypothetical Example: We found drugs hidden in the closet when we did a routine search using a police dog. (When in reality there was a text message on the phone saying drugs were in the closet, and they ot
Re: (Score:2)
I suspect that a lot of the data pulled from cell phones with this will be used for "parallel construction" cases.
They already use data collected for civil assets for forfeiture. Follow the money.
Re:Methods=worse than that (Score:2, Insightful)
Actually, to avoid revealing stingray details, police in documented court cases have obfuscated (that's 'lie' in layman's terms), about where the evidence came from, instead attributing it to 'informants' or whatnot so as not to reveal the use of the stingray.
Any company that can break into a phone means only one thing: the security of the phone is too weak. Period.
Fuck the police. They are not to be trusted. Nor are they your friends. Ever.
Re: (Score:2)
The police will refrain from submitting evidence obtained by Stingray devices because they don't want to explain how the things work in court.
And they do not want their search examined for violations of the 4th amendment leading to the evidence they gathered for parallel construction to be excluded.
Re: (Score:2)
Not sure if it applies to this case, but if someone force-unlocks a phone through some sort of hack, don't they have to reveal what they did to the phone for anything to be admissible in court? Something about chain of custody...
So, you want them to admit how they got evidence?
One has to look no further than an ISMI-catcher to see how far that bullshit goes in our legal system today.
Re: (Score:2)
Not sure if it applies to this case, but if someone force-unlocks a phone through some sort of hack, don't they have to reveal what they did to the phone for anything to be admissible in court? Something about chain of custody...
That is what parallel construction is for.
Re: (Score:2)
The person who did not "carry around a smartphone" that's always connected around stands out.
So do people who turn their smart phone off for a while.
DMCA Violation (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Copying copyrighted data off your phone is illegal without permission from the copyright holder, unless you get a warrant. This should make it illegal for border guards or traffic cops to search your phone.
Yes, it should make it illegal. However, should and would are worlds apart in our surveillance society.
Here's how to protect your data (Score:2)
Re: (Score:2)
DON'T store anything on your smartphone. Another idea...the cell phone manufacturer, needs to include a "self destruct" feature. This feature would release a small amount of hydrocloric acid into the phone, melting the chips that have data stored on them. LOL.
That is similar to the IronKey drives. 10 bad passwords in a row and bye bye data. When I issued them I insisted on getting each usewr's password and locking them up in case they forgot it.
Re: (Score:2)
Don't store anything on your smartphone? What kind of answer is that, though? I mean, hey -- I can tell you how to secure your data, guaranteed in ANY situation then. Just don't keep anything!
No -- I think anyone using their phone as it's intended will have some personal data stored on it. The real problem is that almost anything you can lock down can be unlocked again. When you see digital technologies that haven't ever been broken, it's really just because it wasn't a target that was worth the amount of
Re: They forgot to mention... (Score:2, Funny)
Yeah they actually just call the target and say, âoeHello, this is Apple support, we have detected law enforcements attempts to unlock your phone. If you give us your password we can block them forever!â
This has proven wildly successful.
Re: (Score:2)
The US government doesn't need tools to do it remotely, they can just go to Apple and compel them to upload compromised software.
Their software is always a man in the middle and it's only a single update away from compromise. The excuse that they have designed the unlocking such that even they can't compromise it, doesn't and can not apply to software updates.
Re: (Score:2)
No, FBI had a locked phone they wanted to unlock. Apple has developed the phone locking to be resistant against attacks, even from Apple itself.
They can not do the same for software updates. Their software is always a man in the middle between your phone's data and if you accept automatic updates they can backdoor that software whenever they please.
It can be no other way. Any time you accept automatic updates from an US company you accept that a single National Security Letter can backdoor your device.
Re: (Score:1)
face it a merkins in a general are just a major devolving of mankind.
Re: (Score:1)
"The marketing patent states 1,000 cut-minimum, so unless you wanna get sued.."
wtf? Marketing patent? 1,000 cut-minimum? What does that even mean? But I guess only Americans are dumb.
Re: (Score:1)
"The marketing patent states 1,000 cut-minimum, so unless you wanna get sued.."
wtf? Marketing patent? 1,000 cut-minimum? What does that even mean? But I guess only Americans are dumb.
Fucking hell...apparently you're too stupid to figure that one out on your own.
Death by 1,000 Cuts. Go educate yourself.
Re: (Score:1, Troll)
The dumbing down of Americans stemming from their addiction to "smart" phones as they walk around like zombies is a form of genocide.
The idea that Americans are getting dumber because of their phones is a form of stupidity. They were already stupid. You're just hearing more about it because they're posting things that makes it clear.
Re: (Score:3)
The dumbing down of Americans stemming from their addiction to "smart" phones as they walk around like zombies is a form of genocide.
The idea that Americans are getting dumber because of their phones is a form of stupidity. They were already stupid. You're just hearing more about it because they're posting things that makes it clear.
I agree with you, but there is also the compounding element of everyone having the universe of answers in their pocket at all times, so why gain wisdom when I have Google/Siri/Alexa.
Don't overlook the related factors of our dumbing down. It's getting worse, regardless of how narcissistic the average idiot now is.
Re: (Score:3, Informative)
Lol. You do know what Plato said about reading and writing, right?
If men learn this, it will implant forgetfulness in their souls; they will cease to exercise memory because they rely on that which is written, calling things to remembrance no longer from within themselves, but by means of external marks. What you have discovered is a recipe not for memory, but for reminder. And it is no true wisdom that you offer your disciples, but only its semblance, for by telling them of many things without teaching them you will make them seem to know much, while for the most part they know nothing, and as men filled, not with wisdom, but with the conceit of wisdom, they will be a burden to their fellows.
Re: (Score:2)
Lol. You do know what Plato said about reading and writing, right?
If men learn this, it will implant forgetfulness in their souls; they will cease to exercise memory because they rely on that which is written, calling things to remembrance no longer from within themselves, but by means of external marks. What you have discovered is a recipe not for memory, but for reminder. And it is no true wisdom that you offer your disciples, but only its semblance, for by telling them of many things without teaching them you will make them seem to know much, while for the most part they know nothing, and as men filled, not with wisdom, but with the conceit of wisdom, they will be a burden to their fellows.
During the time of Plato, intelligence and wisdom was far more revered. Today, narcissism and fame is. Ignorance has existed throughout all time, but elevating it to the level we have today, in the face of unending amounts of information in the palm of our hands, takes real fucking effort.
Re: (Score:1)
Bhahaha, you're so right.
Isn't history filled with stories of dumb science bitches (smart people) sharing what were considered wild ideas and getting a mountain of shit for it? The earth NOT being the center of the universe for example.
Of course we view classical periods through the lens of those who actually wrote thing down and get some romantic view of philosophers walking around in togas talking about the nature of existence but I'm sure it was just as you say. Nerds writing stuff down and everyone else
Re: (Score:1)