Cellebrite Says it Now Supports 'Lawful Unlocking' of iPhone 6 and Older Models

Cellebrite director of forensic research Shahar Tal recently tweeted out that the company's Advanced Investigative Service can now unlock and extract the full file system for the iPhone 6 and iPhone 6 Plus (via CyberScoop). To date, CAIS "supports lawful unlocking and evidence extraction" from the following iPhone generations: 4s, 5, 5c, 5s, 6, and 6 Plus. No mention has been made whether or not the developer has attempted to unlock newer-generation iPhones, including the iPhone 6s, 6s Plus, 7, or 7 Plus.


The company reportedly charges $1,500 to unlock an individual phone and $250,000 for a yearly subscription to the data extracting service. In addition to the basic system and user data it can get, the hack also targets various apps within the iPhone, including personal data stored in Uber, Facebook, Chrome, and some dating apps.

At the same time this week, Cellebrite announced the next generation of its "Content Transfer" tool, which will allow retailers and operators to fully duplicate a customer's existing iPhone onto a brand new iPhone at an average content transfer speed of 1GB per minute. The developer said this should reduce wait times in stores while also pleasing anxious customers worried about losing data when upgrading to a new iPhone generation.

Cellebrite said the most important settings get transferred in the process, including wallpaper, alarm settings, weather, photos, videos, contacts, and apps. Not included are account passwords, Wi-Fi settings, health data, and website history. The company plans to hold a demonstration of the Full Transfer service for iPhones at Mobile World Congress in Barcelona, which runs next week from February 27 – March 2.
“With content transfer speeds averaging 1 GB per minute, this new service is a complete game changer.” said Yehuda Holtzman, CEO of Cellebrite Mobile Lifecycle. “With Full Transfer, the average iPhone customer with 10GB of personal data can walk out of the store with a mirror-image of their old iPhone in just 10 minutes, offering customer experience that’s far superior to anything else available today.”
Although the developer has been most recognizably in the public eye for its relation to the Apple-FBI drama and its smartphone-cracking expertise, Cellebrite also offers a collection of services for retailers and businesses. Cellebrite Touch2 and Cellebrite Desktop power in-store smartphones and desktop computers, respectively, with software that the company claims offers flexibility by operating through a store's existing IT infrastructure to "deliver a fast, consistent service."


Earlier in February, Cellebrite found itself at the hands of a hacker when someone stole and publicly released a cache of Cellebrite's most sensitive data, including tools it uses to get into older iPhones. The hacker shared the data on Pastebin, intending to highlight the importance of the inevitability that any brute force tools aimed at bypassing encryption software "will make it out" into the public -- a prime fear of Apple CEO Tim Cook when the FBI originally demanded the company create a backdoor into the San Bernardino shooter's iPhone 5c last year.



Top Rated Comments

(View all)
Avatar
27 months ago

iPhone = not secure. The ruse is over.
Oh, but wait! The next iPhone 7S can not be hacked. Time to upgrade everyone!

The iPhone is probably the most secure phone available. That doesn't make it impenetrable. If someone is truly concerned about their digital privacy then they won't do anything using a smartphone that they don't want others to see. Obviously we all have a right to privacy but if you don't want the NSA or FBI to see what's on your phone, the only guaranteed way for that to happen is to not have anything on the phone.
Rating: 22 Votes
Avatar
27 months ago
And people wondered by APFS and all of its encryption features were so important...
Rating: 8 Votes
Avatar
27 months ago
Is this a brute force unlock? Or are they able to bypass the secure enclave?
It was understandable on pre 5 phones, but this sounds like very bad news.
Rating: 7 Votes
Avatar
27 months ago


I've worked in computer forensics for years. I've seen the vast good it does. The situations you describe make up less than 0.1% of all cases. Instead, most of the time this type of software is being used to get data used to put a pedophile in jail so they can't hurt your kids like they have other's. It's being used to get information which stops US troops from being killed. It's used to get data which stops Americans back here in the US and others abroad, from being killed in other terroristic acts.

Your everyday cops don't have access to these type of tools. Even large departments usually don't. You generally have to go to the state level, if not the federal level, to find them.


Please cite your source and methodology for claiming "less than 0.1%" of all these cases are rotten before you throw in a "save the children" and generic terrorism bogeyman as an excuse for government overreach.
Rating: 6 Votes
Avatar
27 months ago

They and others (myself included) have been selling these tools to law enforcement for nearly 10 years. Go and see how many you find available online.
[doublepost=1487951662][/doublepost]

These tools are used by government law enforcement. If they have your device, chances are almost certain that they have every right to examine it and in most cases have a court order to do so.

So yes, lawful in almost every case.

What I mean by "lawful" is that this is exactly the same thing as if the police saw a safe, took it and forced their way in blindly, not knowing what's in there and using that lack of knowing as motivation. Aka not lawful at all. No just cause.
Rating: 5 Votes
Avatar
27 months ago
I'm hoping this will all change with the implementation of APFS, at least on newer devices.
Rating: 5 Votes
Avatar
27 months ago

Excellent - so now they've announced this, we can expect these tools to be posted online for anyone to get hold of... shortly, I would imagine.


They and others (myself included) have been selling these tools to law enforcement for nearly 10 years. Go and see how many you find available online.
[doublepost=1487951662][/doublepost]

"Lawful."


These tools are used by government law enforcement. If they have your device, chances are almost certain that they have every right to examine it and in most cases have a court order to do so.

So yes, lawful in almost every case.
Rating: 3 Votes
Avatar
27 months ago

Is there really a difference in the ability? I would think it would just take longer, but the ability is just the same.


It doesn't matter either way. I was on jury duty a couple of weeks ago for a criminal case in Upstate NY. Upsetting case, but nobody died, mind you. And yet, I was baffled that the criminal police department in the *hamlet* of Latham, NY had a license of Cellebrite's UFED. It made short work of the defendant's Android phone. The device was turned on in a Faraday cage, to avoid a remote wipe. If unlocking can't be performed at this point, they just remove the chip (they did), and UFED bypasses all encryption. Your privacy is gone, it recovers a *lot* of data, not only TXT messages, but TXT that you deleted recently, as well as data from a whole bunch of apps like Snapchat. It will show which apps you had installed and when you acquired said apps -- in this case, *several* apps meant to "clean" the Android had been recently purchased, a damning hint that they were trying to erase their tracks after deleting TXT messages. The only reason the victim's iPhone wasn't extracted just as easily is because the police didn't have the latest version of UFED, which is being advertised in this phone. From my understanding, only iPhone 7 are out of reach right now, but it's a matter of time....
Rating: 3 Votes
Avatar
27 months ago

Please cite your source and methodology for claiming "less than 0.1%" of all these cases are rotten before you throw in a "save the children" and generic terrorism bogeyman as an excuse for government overreach.


As I said, I've got more than 10 years of working with government law enforcement across the world. I've been involved in countless cases and seen how these products are used. I've been an expert witness in cases you've likely read about in news reports and helped put very bad people away. I can say with far more authority than yourself that the abuses are incredibly few.

But keep rocking your tinfoil hat and believing that the government really cares that you spend a bunch of time browsing ******* and crying yourself to sleep. I'm sure that's super interesting information for them and stuff they'd want to risk their own jobs and freedom to exploit without a warrant.
Rating: 3 Votes
Avatar
27 months ago

To hell with privacy if you use the internet.


So many don't realize this. They don't seem to see that Google Analytic is on nearly every website (including this one) which tracks their every move across the entire internet. Google knows every site they visit, how long they sit on each page, what links and buttons they click, what they download. And yet they have no problem with that.

Google analyzes every email they get in Gmail and every search they run. They've built a profile of you which they use to sell advertising to you and for other purposes.

When you backup to cloud backup, your data is somewhere that can be accessed for purposes of examination if need be. Believe that encryption can save you if you like but there are plenty of ways to get your information.
[doublepost=1487953178][/doublepost]

What I mean by "lawful" is that this is exactly the same thing as if the police saw a safe, took it and forced their way in blindly, not knowing what's in there and using that lack of knowing as motivation. Aka not lawful at all. No just cause.


I've worked in computer forensics for years. I've seen the vast good it does. The situations you describe make up less than 0.1% of all cases. Instead, most of the time this type of software is being used to get data used to put a pedophile in jail so they can't hurt your kids like they have other's. It's being used to get information which stops US troops from being killed. It's used to get data which stops Americans back here in the US and others abroad, from being killed in other terroristic acts.

Your everyday cops don't have access to these type of tools. Even large departments usually don't. You generally have to go to the state level, if not the federal level, to find them.
Rating: 3 Votes
[ Read All Comments ]