Cellebrite: We keep iPhone exploits secret for the public’s safety

“Earlier this week, Forbes learned that Israel-based U.S. government contractor Cellebrite was touting the ability to unlock the majority of iOS models on the market,” Thomas Fox-Brewster reports for Forbes. “That included devices running the latest Apple operating system iOS 11.2.6, and the newest models, the iPhone 8 and X. It hasn’t been forthcoming with any details on just how it’s doing that and in an interview chief marketing officer Jeremy Nazarian wouldn’t be drawn on providing many specifics.”

“That Nazarian is speaking with press at all is perhaps surprising, given the company’s typically taciturn approach. There’s a very good reason for the company’s reticence, especially on the details of the iPhone vulnerabilities it finds. Each one is like gold dust, allowing possible penetration into one of the most secure phones on the market,” Fox-Brewster reports. “Cellebrite doesn’t want to give up the secrets that are at the very core of its value to law enforcement and forensics specialists, who want consistent access to iPhones, or any smartphone that potentially holds vital evidence. Give up any details, ones that Apple’s security technicians can latch onto to develop fixes, and the company risks kissing goodbye to its unique unlocking capabilities.”

“The CMO also sought to calm fears over any malicious, illegal use of Cellebrite’s tools. ‘It’s not like this is over the wire listening technology… It requires physical access. It’s not like anyone is listening to your iPhone or my iPhone. It needs to be obtained as evidence as part of an investigation or a case,’ Nazarian added,” Fox-Brewster reports. “Director of cyber solutions at Point3 Security, Ryan Duff… a former cyber operations tactician at the U.S. Cyber Command, said any exploit would likely have to disable those Secure Enclave features to allow for quicker brute forcing.”

Read more in the full article here.

MacDailyNews Take: As always, if you want a really secure, uncrackable iPhone, you should employ a long and complex passcode that would be impossible to brute force.

To set up a custom alphanumeric passcode:
1. Go to Settings > Touch ID & Passcode. On devices without Touch ID, go to Settings > Passcode. If you have an iPhone X, go to Settings > Face ID & Passcode.
2. Tap Turn Passcode On.
3. Tap Passcode Options to switch to a custom alphanumeric code. Enter your passcode.
4. Enter your passcode again to confirm it and activate it.

To change to a custom alphanumeric passcode:
1. Go to Settings > Touch ID & Passcode. On devices without Touch ID, go to Settings > Passcode. If you have an iPhone X, go to Settings > Face ID & Passcode.
2. Tap Change Passcode.
3. Tap Passcode Options to switch to a custom alphanumeric code. Enter your passcode.
4. Enter your passcode again to confirm it and activate it.

SEE ALSO:
Proving Apple’s assertion that there are no good backdoors, hacker dumps iOS cracking tools allegedly stolen from Cellebrite – February 2, 2017
Apple’s new challenge: Learning how the U.S. cracked terrorist’s iPhone – March 29, 2016
Did the FBI just unleash a hacker army on Apple? – March 29, 2016
Apple declares victory in battle with FBI, but the war continues – March 29, 2016
Apple vows to increase security as FBI claims to break into terrorist’s iPhone – March 29, 2016
U.S. government drops Apple case after claiming hack of terrorist’s iPhone – March 29, 2016
Meet Cellebrite, the Israeli company reportedly cracking iPhones for the FBI – March 24, 2016

18 Comments

    1. Don’t give me that crap, Cellebrite. It is for the money, the loot, the quan. Or is Cellebrite a non-profit company filled with volunteers and donating everything to the children?

      I know I am getting more and more cynical in my old age. But the monstrous load of lying bullshit that flows out of people in government and industry these days just chaps my ass. And no one holds them accountable, at least not very effectively.

      1. ““Cellebrite doesn’t want to give up the secrets that are at the very core of its value to law enforcement and forensics specialists…”

        And why should they? All companies protect their trade secrets in order to exploit them FOR A PROFIT.

        if they didn’t you wouldn’t have a job.

  1. One of the basic concepts of bypassing security back in the 8-bit computing days was to simply get the ‘OK’ state generated by the ‘security’ SW/HW module and ‘send’ it back to the calling subroutine. Most software at the time only checked once in the start/load somewhere and then you had full access to the software until you exited. After a while developers checked each time a write access was required. But the same ‘OK’ state was used so all that was needed was to provide that when needed again.

    The point is that depending on how the Secure Enclave communicates with the rest of the system is set up, the process Cellebrite uses may not involve hacking the internals of the Secure Enclave (SE) at all, but simply ‘inserting’ themselves between the SE and rest of the system and handling all requests for the ‘OK’ state.

      1. Since the SE is currently a discrete chip it may take some work but seems possible. Perhaps a redesign where the SE is more distributed would counter Cellebrite should their process be based on man-in-the-middle.

  2. So it’s OK to give iPhone exploits to a law enforcement agency of a terrorist nation but they don’t give Apple the iPhone exploits, therefore putting public safety at risk.

    Keep working on protecting people’s privacy Apple, this is exactly the kind of scum that is willing to cut throat people’s privacy for a pound of flesh.

  3. “‘It’s not like this is over the wire listening technology… It requires physical access. It’s not like anyone is listening to your iPhone or my iPhone. It needs to be obtained as evidence as part of an investigation or a case,’ Nazarian added,”

    Obviously the conspiracy theorists only read the part they were interested in. Considering the millions of active iPhones worldwide, it would be physically and financially impossible to listen to all, let alone get a court order allowing it.

    Don’t become part of a criminal/terrorist enterprise and you have nothing to worry about. Even then law enforcement doesn’t have the resources (human and financial) to examine all the iPhones they’d like to.

    Remember, for Cellubrite’s solution to work, law enforcement must have PHYSICAL POSSESSION of your iPhone. They cannot compromise your iPhone over the air.

    1. Frankly, I don’t believe them. They claim they’ve been marketing this ability since the iPhone X came out, yet not more than three weeks ago the FBI was imploring Apple to unlock an older iPhone. If they already have Cellebrite’s exploits, why involve Apple at all?

      In addition, the ability to lock or unlock the iPhone after iOS 8 is not in the iOS. It’s in the HARDWARE! It’s buried in the Secure Enclave Encryption Processor which is not even accessible by iOS or from the main data processor. Each one of the boot sequence chips are inter-registered with every other chip and removing or tampering with any prevents the entire boot sequence from completing. I think they are puffing their tools software and it cannot do what they claim.

  4. It’s worth bearing in mind that less than 12 months ago, it was announced that Jonathan Zdziarski had joined Apple. He enjoyed a reputation as one of the most respected experts on IOS security and forensic examination.

    It’s too soon for any work he has done at Apple to have reached consumers yet, but as a ‘poacher turned gamekeeper’, he is able to bring his unique expertise to Apple with regards to how IOS security systems can be compromised and how to harden IOS against it in the future.

    Cellebrite may be riding high at the moment and very much in demand, but the rules of the game ( and the effectiveness of their technique ) can rapidly change at any time.

    It’s hard to judge how much Cellebrite charges to crack an iPhone or how long it takes them. One report suggested that they only charge $1,200 per iPhone, while another stated that it took them about two weeks to unlock an iPhone X. It doesn’t sound remotely plausible that a highly specialist operation like that only charges $1,200 for two week’s work.

    Whichever way you look at it, the man ( or woman, or other genders ) in the street has little to worry about if the authorities need physical possession of your iPhone for multiple days in order to unlock it. This is a technique which will only be used in connection with serious crimes.

Add Your Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.