[dupe] Cellebrite Claims It Can Unlock Any iPhone (schneier.com)
56 points by hsnewman on June 28, 2019 | hide | past | favorite | 45 comments



All you need to unlock any iPhone is a proprietary zero day flaw. Not exactly newsworthy. Their technique can vanish at any moment if it’s discovered and fixed.


Only if it’s running; if it’s off, you need some way to fetch data you’re not supposed to be able to fetch and then brute force the key, which is supposed to use very large amounts of CPU power. A flaw in the security chip would allow you to use the secret data and run the calculation on the chip, but that severely limits the amount of calculations you can do.

This may very well be limited to phones which have short numeric passcodes.
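The comment above turns on two quantities: how many guesses the retry counter allows, and how long each guess takes when the key derivation must run on the security chip. The following is an added back-of-envelope model (not from the thread or from any vendor); the per-guess cost of 0.08 s and the 10-guess wipe limit are assumed figures, chosen only to show why short numeric passcodes are the weak case.

```python
"""Estimate passcode brute-force cost under two threat models (added example)."""

# Assumed figures (not from the thread): one guess costs one key derivation
# bound to the security chip, taken here as 0.08 s, and the stock lockout
# permits 10 wrong guesses before the data is erased.
SECONDS_PER_GUESS = 0.08
GUESSES_BEFORE_WIPE = 10

# Passcode classes to compare; the keyspace is the number of possible codes.
PASSCODE_CLASSES = {
    "4 digits": 10 ** 4,
    "6 digits": 10 ** 6,
    "8 lowercase letters": 26 ** 8,
    "10 mixed alphanumerics": 62 ** 10,
}


def lockout_success_probability(keyspace: int, guesses: int = GUESSES_BEFORE_WIPE) -> float:
    """Retry counter intact: only `guesses` tries are possible, so this is the
    chance that a uniformly random passcode lies among them."""
    return min(1.0, guesses / keyspace)


def expected_seconds_without_lockout(keyspace: int, seconds_per_guess: float = SECONDS_PER_GUESS) -> float:
    """Retry counter bypassed by a flaw: guessing is bounded only by the chip's
    derivation time, and on average half the keyspace must be tried."""
    return keyspace / 2 * seconds_per_guess


def format_duration(seconds: float) -> str:
    """Render seconds in the largest unit that fits, to one decimal place."""
    units = [("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


def report() -> dict:
    """Summarise every passcode class under both threat models."""
    rows = {}
    for label, keyspace in PASSCODE_CLASSES.items():
        rows[label] = {
            "lockout_intact_p_success": lockout_success_probability(keyspace),
            "lockout_bypassed_expected": format_duration(expected_seconds_without_lockout(keyspace)),
        }
    return rows


if __name__ == "__main__":
    for label, row in report().items():
        print(f"{label:24s} lockout intact: p={row['lockout_intact_p_success']:.1e}  "
              f"lockout bypassed: ~{row['lockout_bypassed_expected']}")
```

Under these assumptions a 4-digit code falls in minutes and a 6-digit code in hours once the counter is gone, while the chip's per-guess cost alone keeps an 8-character alphabetic code out of reach for centuries; the lockout, not the passcode, is what makes short codes survivable.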


Couldn't there theoretically be a flaw in the crypto they're using?


Is it legal to monetize a zero-day like this?


My understanding (under US law) is that accessing computer systems without authorization is illegal.

However, you can totally make tools to hack your own stuff.

And this company only advertises their unlocking abilities to law enforcement services, who are presumably authorized to access the device (via warrant). So the company itself isn't accessing devices without authorization, so they aren't technically "hacking anybody".


> law enforcement services, who are presumably authorized to access the device

Cue Tony Soprano saying "warrant! WARRANT!" to his housekeeper.

What are the chances that Cellebrite requires clients to supply a warrant for each device they unlock?


I don't think they would need to?

Cellebrite sells law enforcement an on-premise method to unlock devices. At that point it's no longer Cellebrite unlocking the phones, it's Law enforcement who is unlocking the devices.

Since they (at a glance) only sell to law enforcement I think it's reasonable to assume that they expect their device to be used legally (they aren't selling it to @xxXRUSKI1337Hax04xXX who we all know is up to no good.)

Disclaimer: My understanding is mostly of US law, the company is Israeli and I'm not familiar with Israeli law, or the laws of other countries Cellebrite contracts with, although I think this would similarly apply to most jurisdictions


They may sell to law enforcement, but they can end up in private hands: https://news.ycombinator.com/item?id=20080814


That device turned out (way down at the bottom of the thread where it's easy to miss) to be a non-law-enforcement model used by e.g. cellphone stores to transfer data between unlocked phones.


> The device bought in the thrift store appears to be a device to copy data from phones already unlocked and open, in other words, not the most interesting device they have, and it's from 2014.

It is not law enforcement grade, just a simple copier Cellebrite made for mobile phone stores to copy data from an old phone to a new one.


Police officers conducting a search of a suspect's premises must present a valid search warrant. Police officers requesting that a telecom company aid in surveillance of a suspect must present a valid search warrant. Google, despite of late being the butt of all jokes, will not cooperate with police officers unless a valid warrant is presented. Thus it follows that Cellebrite isn't somehow excluded from following the law just like all those other companies, and cannot support unlocking of iPhones or other devices without being shown a valid search warrant.


Cellebrite doesn't need to know anything about warrants. They sell a physical device to law enforcement agencies. They don't validate individual uses of the equipment. Seems to me no different than a gun manufacturer selling guns to law enforcement and not needing to validate individual firings of the gun.


First, police officers conducting a search do not need to present a warrant; they can certainly ask for you to volunteer access. Companies that require law enforcement to provide a warrant may be obligated to do so by some kind of data protection legislation, but I doubt this is generally the case; more likely, we would consider this a courtesy to their customers.

Finally, Cellebrite does not seem to actually do any unlocking; rather, it sells its tool to the government. As long as that sale is legal, they are out of the picture.


You have more than enough information on your phone to enable a parallel construction.


> What are the chances that Cellebrite requires clients to supply a warrant for each device they unlock?

Why would they need to?

They supply devices to clients that can be reasonably expected to have access to warrants at need. The US legal system, at least, does not consider it reasonable for Cellebrite to actively monitor and police every use of its products by its legal customers to ensure full adherence to surrounding legal requirements.


Depends on the client and purpose and actual action.

Thinly veiled PR like this is advertisement to state agencies who will contract their work out to you. Even if it is work with a government that your own government doesn't agree with, that's when the lack of munitions regulation on exploits comes into play. So as long as your state client isn't on the OFAC list, you can take the contract.


Why wouldn't it be?


Because hacking is illegal in most jurisdictions.

Exploiting probably isn't illegal, but as soon as you begin to use these exploits against other people to access their data it is illegal. So selling the exploit or performing it for clients would mean assisting someone in breaking the law.

They probably aren't going to get in trouble since their clients are often government agencies themselves.


It's only illegal to access a device without authorization, and they only sell to law enforcement (who presumably have a warrant or whatnot, and thus authorization), so Cellebrite themselves aren't accessing anybody's systems.


> Because hacking is illegal in most jurisdictions.

You are writing this on “Hacker News”. Maybe you should rephrase that.


Depends on the definition.

unlocking a carrier-locked phone under contract

-vs-

unlocking a carrier-locked phone out of contract

-vs-

unlocking a phone (password or fingerprint locked)

-vs-

unlocking a phone stolen/you don't own (hacking)


Accessing any computer system without authorization is the part that is generally illegal. "Hacking" itself isn't illegal, and while accessing your boss's computer while it's unlocked isn't "hacking", it's still illegal.

However most countries can authorize law enforcement to access the device under various conditions (for example a warrant). So while the owner of the device doesn't authorize accessing the device, the law allows the police to access it.


Not if you have connections and hire the right people.


This is partly why being on iOS betas might be good personal mitigation. They may not have immediate capability on any particular iOS beta. The exploit may or may not exist, or their code would need to be updated to properly handle it. So, to me, it makes sense to stay ahead of their development cycle and avoid a threat if you have a reason to think law enforcement might want your phone contents.


Or, more likely, you open yourself up to programmer error and easier-to-find exploits since the software hasn't been properly tested since you are doing that for them.


On the other hand, the people developing these hacks haven't had as long to find any new vulns, so you're really only potentially vulnerable to old hacks.


Beta software is by nature buggy and less-tested. An aggressive update schedule leaves you vulnerable to regressions or other exploitable trivialities. We don't run beta code in production for a reason, nor should anybody whose freedom is at stake.

Whether or not local LE has immediate capability, if you're wanted for capital murder and they can't break your phone the case does not stall, they ship the phone off for analysis. Cellebrite may (or may not) discover a new 0-day just for you.

Your phone is more damning than being caught with a cache of munitions. A stockpile of fertilizer and blasting caps can be argued as circumstantial, but phones often contain the evidence that betray intent-- a search query, a text message, an email.


There is a myth in the infosec community that phones, because of their tendency to be 'always on' devices, are more secure/private than a standard Windows desktop machine or even a MacBook running OSX. This is a BS concept. Phones leak data all over the place and have a higher data exhaust than a desktop computer.

Unless the phone is flashed with LineageOS[0], it will phone home data to Google nonstop and beacon out its presence to hackers 24/7. To make matters worse, there is a huge fragmentation problem with Android and some phones are disallowed from updating to the latest Android version. The same goes for iOS; a user can often be locked into using the same iOS version and can't upgrade to the latest version (a huge security hole).

[0] https://www.lineageos.org/


Apple still provides security fixes for phones as old as the iPhone 5s, which was released almost 6 years ago.

I don't think that's even remotely comparable to the fragmentation problems Android has, where you're lucky to get even 2 years of security updates with some providers.


iPhone 5S and iPhone 6 will be stuck on iOS 12 btw.


6 years is still twice as long as the original 3 year commitment Apple made when the 5S came out, and it's 6x as long as most Android phones that were manufactured at that time.


> There is a myth in the infosec community ... that phones are more secure/private than a standard Windows desktop machine

This doesn't make sense on any level. What subset of the infosec community actually believes this? Teenagers hiding porn from their parents?



Windows spews to 30+ microsoft domains with pinned certs, so we can't MITM to see what's going on.

Android spews to X Google domains with pinned certs, so we can't MITM to see what's going on.

Apple is perceived to value security and privacy, due to prior postures and public statements that Apple doesn't work with terrori... FBI. But we only have their word.

The only thing that doesn't spit and spew is a hardened install of Linux.

All are terrible, except Linux. We know what it's doing.


Phones can be more secure than a desktop because the user isn’t allowed to make decisions that are bad, such as installing untrusted software or allowing that software out of the sandbox.

Using a specific Android like distribution is not a magic bullet and will not solve all your security problems.


Even if this is fixed, law enforcement just has to capture a device and wait until someone creates a security exploit for the new version. They might wait a couple of years, but either way, you can't treat your devices as eternally safe encryption vaults.


Maybe we should put a sort of dead-man's switch in these things? Delete everything if the phone hasn't been unlocked in 3 months?


That requires execution. The adversary can prevent execution.


I suspect these things rely on the device not being powered up when seized.


How does that help?


Does Apple attempt to infiltrate Cellebrite with secret agents so that whatever flaws they're exploiting can be identified and fixed?


Are you sure Apple really wants them fixed ASAP?

Having these outside, ostensibly-unaffiliated teams provide law enforcement with access helps prevent government/legal pressure on Apple to explicitly backdoor their systems.

The ideal bit of kabuki-theater for Apple would be for Apple to always maintain a public stance of total devotion to end-user security... while reliably letting enough subtle, hard-to-find flaws linger so that a few of the most-well-resourced government-friendly agencies can run a business like this. "Everybody" wins!

Indeed, I'd expect it more likely that Cellebrite & their ilk infiltrate Apple with secret agents, or in other ways obtain Apple-proprietary information, to assist their tool-building. Forbes has reported that a competitor to Cellebrite, Grayshift, includes at least one ex-Apple security engineer among its "Principals":

https://www.forbes.com/sites/thomasbrewster/2018/03/05/apple...


I guarantee Apple has access to these as soon as they appear. I also have doubts that their claims are true, since we cannot verify it in any way.


Apple uses Cellebrite in their stores to help transfer phones and recover them:

https://twitter.com/antisocial_eng/status/108630141615779020...
