Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Government Iphone Privacy Security Technology

Cellebrite Says It Can Unlock Any iPhone For Cops (wired.com) 132

An anonymous reader quotes a report from Wired: On Friday afternoon, the Israeli forensics firm and law enforcement contractor Cellebrite publicly announced a new version of its product known as a Universal Forensic Extraction Device or UFED, one that it's calling UFED Premium. In marketing that update, it says that the tool can now unlock any iOS device cops can lay their hands on, including those running iOS 12.3, released just a month ago. Cellebrite claims UFED Premium can extract files from many recent Android phones as well, including the Samsung Galaxy S9. No other law enforcement contractor has made such broad claims about a single product, at least not publicly. The move signals not only another step in the cat and mouse game between smartphone makers and the government-sponsored firms that seek to defeat their security, but also a more unabashedly public phase of that security face-off. "Cellebrite is proud to introduce #UFED Premium! An exclusive solution for law enforcement to unlock and extract data from all iOS and high-end Android devices," the company wrote on its Twitter feed for the UFED product. On a linked web page, the company says the new tool can pull forensic data off any iOS device dating back to iOS 7, and Android devices not just from Samsung but Huawei, LG, and Xiaomi.
This discussion has been archived. No new comments can be posted.

Cellebrite Says It Can Unlock Any iPhone For Cops

Comments Filter:
  • by geekmux ( 1040042 ) on Saturday June 15, 2019 @05:10AM (#58766586)

    "the company says the new tool can pull forensic data off any iOS device dating back to iOS 7..."

    Dammit, I know I left that iOS 6 installer around here somewhere...

  • by Anonymous Coward

    If Cellebrite can get the data, so can identity thieves.

    Hold the cell phone companies responsible for identity theft, and they'll fix the bugs that Cellebrite is exploiting... yesterday.

  • I see (Score:5, Interesting)

    by nospam007 ( 722110 ) * on Saturday June 15, 2019 @05:43AM (#58766664)

    So the next iPhone will not only have no headphone jack but also no jack to stick a loading cable in.

    • by mjwx ( 966435 )

      So the next iPhone will not only have no headphone jack but also no jack to stick a loading cable in.

      The one after that wont even have a screen... and you'll still buy it for £1000

      • by q4Fry ( 1322209 )

        So the next iPhone will not only have no headphone jack but also no jack to stick a loading cable in.

        The one after that wont even have a screen... and you'll still buy it for £1000

        The NoPhone [thenophone.com]

    • by torkus ( 1133985 )

      You remove one attack vector, but necessitate adding another. Is WiFi/BT that much more secure that USB? Asking for a friend.

  • Double standard (Score:5, Insightful)

    by Anonymous Coward on Saturday June 15, 2019 @06:27AM (#58766750)

    If it is illegal for you or I to hack into someone's iPhone, then why is it perfectly legal for a foreign company to sell software which does the same thing? Companies need to be held at least to the same standards as individuals. This is wrong, not to mention an abuse of power by the police.

    • Oh, yeah, "abuse of power of the police" because they can access something you've made. Yeah, totally agree. Just the same when they get a notebook or a paper document you've written... privacy, yeah, totally agree.

      Don't you see (or endorse at least) that when a Judge orders you have no privacy at all?

      If you don't like a law that might affect you in some scenarios, protest to change that law.

      Protesting just because you have not the slightest clue about how freedom enforcement works is not an option: it's si

    • Re:Double standard (Score:5, Insightful)

      by JaredOfEuropa ( 526365 ) on Saturday June 15, 2019 @08:24AM (#58767018) Journal
      It's illegal for you to bust down my door, yet companies are allowed to sell battering rams to the police. This is the same thing... and I am ok with that. The police should be able to search files on your computer or phone just like they can search your house. After a properly issued search warrant, that is. Anything short of that should not be ok, none of this crap where they pull your files at the border of have a little peek when they pull you over, not even when they arrest you for something. Searching personal digital files should be on the same level as searching a house, requiring a warrant. And since such searches - unlike a physical search - can be conducted quite covertly, access to and use of equipment such as sold by Cellebrite should be strictly controlled, documented and audited.
      • It's illegal for you to bust down my door, yet companies are allowed to sell battering rams to the police. This is the same thing... and I am ok with that. The police should be able to search files on your computer or phone just like they can search your house. After a properly issued search warrant, that is. Anything short of that should not be ok, none of this crap where they pull your files at the border of have a little peek when they pull you over, not even when they arrest you for something. Searching personal digital files should be on the same level as searching a house, requiring a warrant. And since such searches - unlike a physical search - can be conducted quite covertly, access to and use of equipment such as sold by Cellebrite should be strictly controlled, documented and audited.

        The issue in the US is one of self incremination; i.e. being forced to enter or provide a password to unlock the device for police even with a warrant. Unless they know what specific information they are looking for, as with any warrant, merely compelling you to hand over your password amounts to them starting a fishing expidtiion and that should be prohibited, IMHO. A physical warrant speels out what specific itms related to the investigation they are seeking; they can't just say "unlock your doors and giv

        • Unless they know what specific information they are looking for, as with any warrant,

          Let me stop you right there. At the point where the warrant is issued the police need to prove to the judge reasonable suspicion that your device contains specific evidence they are looking for, so when the warrant is in hand you're beyond this point already.

          If you have problems with poor standards of judges then by all means complain about that, but by complaining about the wrong part of your due process you don't end up having a very good case.

          • by torkus ( 1133985 )

            Unless they know what specific information they are looking for, as with any warrant,

            Let me stop you right there. At the point where the warrant is issued the police need to prove to the judge reasonable suspicion that your device contains specific evidence they are looking for, so when the warrant is in hand you're beyond this point already.

            If you have problems with poor standards of judges then by all means complain about that, but by complaining about the wrong part of your due process you don't end up having a very good case.

            Reasonable suspicion != beyond reasonable doubt.

            The bar for a warrant is, very intentionally, much lower than the one to convict. Yeah, you're in trouble if they get a warrant ... they obviously think something is up. Doesn't mean they have the evidence for a conviction though...and (well, in idealistic theory) they'd need to prove a case and should have access to the evidence that exists. Guilty should be found guilty just as the innocent should go free.

    • by ledow ( 319597 )

      When was the last time you locked someone up in handcuffs against their will, ticketed them for a traffic offence, drove a car with flashing blue lights and sirens, pulled people over, forcibly stopped them in the street, took them to the floor, used a truncheon / taser, pointed a gun at them, etc.?

      Police have rights that you do not. For fecking obvious reasons.

    • This is actually how it's *supposed* to work.

      If the police get ahold of your safe and have a warrant to see what's inside; they don't get to force you to tell them the combination. And they *definitely* don't get to force the manufacturer to change the design to give them a backdoor. They don't get to force anyone to do anything. They hire a locksmith who wants to do the job.

      The same needs to be true everywhere, including iPhones, hard drives, etc. Though, encouraging a foreign agent to compromise US se

    • by torkus ( 1133985 )

      If it is illegal for you or I to hack into someone's iPhone, then why is it perfectly legal for a foreign company to sell software which does the same thing? Companies need to be held at least to the same standards as individuals. This is wrong, not to mention an abuse of power by the police.

      Oh come on. It's perfectly legal to sell something that can be used illegally as long as you don't sell it with that intent: Drugs, guns, iPhone hacking tools, etc.

      I'm not against them gaining access after a (reasonably issued) search warrant is in-hand. However, giving cops the ability to unlock any phone they get their hands on and letting them ignore all the laws around search and seizure? Oh hell no. Unfortunately, reality is very much going this way and encryption is providing a method to fight ba

  • by Anonymous Coward

    Get a copy of the root certificate. If necessary by force. Boom, all security just vanished, and you have root access due to Apple necessarily having root access. This true for any OS/driver maker.

  • Rules of evidence (Score:5, Interesting)

    by JBMcB ( 73720 ) on Saturday June 15, 2019 @07:26AM (#58766866)

    Not sure if it applies to this case, but if someone force-unlocks a phone through some sort of hack, don't they have to reveal what they did to the phone for anything to be admissible in court? Something about chain of custody...

    • by Anonymous Coward

      Not sure if it applies to this case, but if someone force-unlocks a phone through some sort of hack, don't they have to reveal what they did to the phone for anything to be admissible in court? Something about chain of custody...

      Chain starts when cops take phone -> cops authorize Cellebrite to work on phone ( everyone that touches at Celebrite must sign that they have touched it) -> Cellebrite returns phone and data ( cops sign for it) .. chain never broken.

      • Details (Score:5, Interesting)

        by JBMcB ( 73720 ) on Saturday June 15, 2019 @08:00AM (#58766940)

        Right, but what did Cellebrite *do* to the phone? I'm pretty sure when they are being cross examined, the defense can ask *exactly* what they did to the phone.

        Think of it this way:

        Defense: "What did you do to get into the phone."
        Cellebrite: "We have a proprietary procedure."
        Defense: "Did you put any code on the phone?"
        Cellebrite: "That's proprietary"
        Defense: "Did you put data on the phone?"
        Cellebrite: "That's proprietary"
        Defense: "How do we know you didn't put any evidence on the phone, then?"
        Cellebrite: "That's not part of our procedure..."
        Defense: "What is your procedure?"
        Cellebrite: "We won't tell you."

        At that point, the judge will probably toss the evidence, as they have done with cell phone snooping evidence, red light camera evidence, etc...

        • This is where parallel construction comes in. They create a fictitious story as to how they obtained the data. Look up the term if you don't know what i'm talking about.
        • by AmiMoJo ( 196126 )

          Often they don't need to enter the evidence from the phone itself. They can just use information found on it, such as account passwords and text messages, to go and gather other evidence.

    • Not sure if it applies to this case, but if someone force-unlocks a phone through some sort of hack, don't they have to reveal what they did to the phone for anything to be admissible in court? Something about chain of custody...

      So, you want them to admit how they got evidence?

      One has to look no further than an ISMI-catcher to see how far that bullshit goes in our legal system today.

    • by Agripa ( 139780 )

      Not sure if it applies to this case, but if someone force-unlocks a phone through some sort of hack, don't they have to reveal what they did to the phone for anything to be admissible in court? Something about chain of custody...

      That is what parallel construction is for.

  • DMCA Violation (Score:5, Insightful)

    by Luthair ( 847766 ) on Saturday June 15, 2019 @09:46AM (#58767268)
    For breaking digital locks? :)
    • Copying copyrighted data off your phone is illegal without permission from the copyright holder, unless you get a warrant. This should make it illegal for border guards or traffic cops to search your phone.
      • Copying copyrighted data off your phone is illegal without permission from the copyright holder, unless you get a warrant. This should make it illegal for border guards or traffic cops to search your phone.

        Yes, it should make it illegal. However, should and would are worlds apart in our surveillance society.

  • DON'T store anything on your smartphone. Another idea...the cell phone manufacturer, needs to include a "self destruct" feature. This feature would release a small amount of hydrocloric acid into the phone, melting the chips that have data stored on them. LOL.
    • DON'T store anything on your smartphone. Another idea...the cell phone manufacturer, needs to include a "self destruct" feature. This feature would release a small amount of hydrocloric acid into the phone, melting the chips that have data stored on them. LOL.

      That is similar to the IronKey drives. 10 bad passwords in a row and bye bye data. When I issued them I insisted on getting each usewr's password and locking them up in case they forgot it.

    • by King_TJ ( 85913 )

      Don't store anything on your smartphone? What kind of answer is that, though? I mean, hey -- I can tell you how to secure your data, guaranteed in ANY situation then. Just don't keep anything!

      No -- I think anyone using their phone as it's intended will have some personal data stored on it. The real problem is that almost anything you can lock down can be unlocked again. When you see digital technologies that haven't ever been broken, it's really just because it wasn't a target that was worth the amount of

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...