While Cellebrite has introduced new iPhone Breaking Solutions, it's still limited to iPhones up to 2017
Digital forensics firm Cellebrite released a new tool that could be used to access data on the iPhones at the heart of the latest spat between Apple Inc. and the FBI, according to Bloomberg news.
Cellebrite pushed out an update to its UFED Physical Analyzer software that helps law enforcement agencies and other customers extract and analyze information on some iPhones.
Yesterday Shahar Tal, a security research vice president at Cellebrite, wrote in an email to customers: "For the first time ever, a wealth of previously untapped data sets from iOS devices can be leveraged to change the course of investigations. This update allows you to quickly perform a forensically sound temporary jailbreak and full file system extraction within one streamlined workflow."
The tool uses an exploit called Checkm8 that allows access to chips running on iPhones released between 2011 and 2017. Cellebrite, owned by Japan’s Sun Corp. said its latest version of the tool works with the iPhone 5S, first sold in 2013, through the iPhone X, sold in 2017.
This could help investigators analyze at least one of the iPhones that belonged to Mohammed Saeed Alshamrani, the perpetrator of a Dec. 6 terrorist attack at a Navy base in Florida. Alshamrani died and his iPhone 5 and iPhone 7 were locked, leaving the FBI looking for ways to hack into the devices.
The FBI has been pressing Apple to help it break into the terrorist’s iPhones, but the government can hack into the devices without the technology giant, experts in cybersecurity and digital forensics said on Tuesday. Read the full Bloomberg report titled "iPhone Hacking Firm Updates Tool in Midst of Apple-FBI Spat" on their homepage today.
Bloomberg added that "The FBI Can Unlock Florida Terrorist’s iPhones Without Apple." Yet what happens when the FBI needs to break into an iPhone XR or iPhone 11 Pro? Cellebrite has no solution for that yet. And what about WhatsApp software?
This obsession with some that the FBI can hack some iPhones with Cellebrite tools as a solution is missing the point. The issue is about tech companies having to comply with court orders which has nothing to do with Cellebrite. Apple, Google, Facebook are not above the law. Criminals shouldn't have a safe haven, even on Apple devices.
Without a doubt this will be an ongoing issue with us for some time. On December 10th, Lindsey Graham, R-SC, chairman of the Senate Judiciary Committee, in context with encryption, told representatives from Apple and Facebook, during their testimony: "You’re going to find a way to do this or we’re going to do this for you." Silicon Valley has one year to come up with a solution to comply with court orders to provide information on user's smart devices.
Everyone wants encryption for things like Apple Pay where your finances could be deeply affected by a hack. Communications and contact lists on the other hand is another matter and likely where the issue really rests with.
As an example, the FBI wants to know who Mohammed Saeed Alshamrani was in communications with in the U.S. and Saudi Arabia and what was said or instructed. If Alshamrani purposely shot one phone with his hand gun, then it's clear that damning evidence is likely to be found.
The next terrorist may use the latest and greatest iPhone where Cellebrite has no solution for. Then what? While millions including criminals couldn't care, law abiding citizens do along with law enforcement and governments around the world.
For more on this, you could also check out the New York Times article titled "Apple Takes a (Cautious) Stand Against Opening a Killer’s iPhones."
The report notes that "Apple is privately preparing for a legal fight with the Justice Department to defend encryption on its iPhones while publicly trying to defuse the dispute, as the technology giant navigates an increasingly tricky line between its customers and the Trump administration.
Executives at Apple have been surprised by the case’s quick escalation, said people familiar with the company who were not authorized to speak publicly.
Scott Galloway, a New York University marketing professor who has written a book on the tech giants stated that "It’s brilliant marketing. They’re so concerned with your privacy that they’re willing to wave the finger at the F.B.I." For more on this read the full New York Times report.