Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
Data Extraction Company Cellebrite Advertising New Software for Cracking Devices Running iOS 11
Israel-based software developer Cellebrite, known for breaking into mobile devices like the iPhone to obtain sensitive data, recently began informing customers that it can circumvent the security of iOS devices running iOS 11, reports Forbes.
With a way to break into iPhones running iOS 11, Cellebrite can potentially crack most of the iPhones available on the market. According to Forbes, the Department for Homeland Security was able to obtain data from an iPhone X in an arms-trafficking case in November, probably using Cellebrite technology to do so.
A warrant found by Forbes suggests an iPhone X was sent to Cellebrite on November 20, with data successfully extracted on December 5. Based on the warrant, it's not clear how data was obtained, but given the time gap, it's unlikely Face ID was used.
Cellebrite has not publicly announced or shared details on its ability to break into devices running iOS 11, but as noted by Forbes, the company's documentation [PDF] on what it can access now includes iPhones and iPads running iOS 11. Sources that spoke to Forbes have also confirmed the company is marketing its iOS 11 cracking techniques to law enforcement agencies around the world.
In iOS 11, for example, Apple began requiring an iPhone's passcode to establish trust with a computer, a change from earlier versions of iOS that also would authenticate a connection via Touch ID. Apple also added a secret biometric disabling mechanism to its SOS feature, which shuts down Touch ID or Face ID and requires a password when the SOS screen is triggered by pressing on the Sleep/Wake or Side button five times in rapid succession.
Still, even as Apple works to increase the security of its iOS devices, companies like Cellebrite work to find new ways to crack iOS devices and then sell their services to governments and other entities. Cellebrite also offers software that customers can purchase, but its most sensitive and secret tools, such as its method for unlocking devices running iOS 11, is not included to prevent Apple from finding and patching whatever vulnerability is being exploited.
Instead, Cellebrite requires law enforcement to send locked devices to their labs to keep techniques secret.
Cellebrite first garnered significant attention in 2016, when it was believed the company was enlisted to help the FBI break into the iPhone 5c of San Bernardino shooter Syed Farook after Apple refused to provide the FBI with tools to unlock the device.
The FBI did not use Cellebrite's services for that particular case, but several United States government agencies do regularly work with Cellebrite to unlock iOS devices.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
With a way to break into iPhones running iOS 11, Cellebrite can potentially crack most of the iPhones available on the market. According to Forbes, the Department for Homeland Security was able to obtain data from an iPhone X in an arms-trafficking case in November, probably using Cellebrite technology to do so.
A warrant found by Forbes suggests an iPhone X was sent to Cellebrite on November 20, with data successfully extracted on December 5. Based on the warrant, it's not clear how data was obtained, but given the time gap, it's unlikely Face ID was used.
Cellebrite has not publicly announced or shared details on its ability to break into devices running iOS 11, but as noted by Forbes, the company's documentation [PDF] on what it can access now includes iPhones and iPads running iOS 11. Sources that spoke to Forbes have also confirmed the company is marketing its iOS 11 cracking techniques to law enforcement agencies around the world.
Devices supported for Advanced Unlocking and Extraction Services include:Apple continually introduces improvements to the security of its operating systems in order to keep ahead of companies like Cellebrite that are always searching for flaws and vulnerabilities to exploit in order to access the data on locked iOS devices.
Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11.
In iOS 11, for example, Apple began requiring an iPhone's passcode to establish trust with a computer, a change from earlier versions of iOS that also would authenticate a connection via Touch ID. Apple also added a secret biometric disabling mechanism to its SOS feature, which shuts down Touch ID or Face ID and requires a password when the SOS screen is triggered by pressing on the Sleep/Wake or Side button five times in rapid succession.
Still, even as Apple works to increase the security of its iOS devices, companies like Cellebrite work to find new ways to crack iOS devices and then sell their services to governments and other entities. Cellebrite also offers software that customers can purchase, but its most sensitive and secret tools, such as its method for unlocking devices running iOS 11, is not included to prevent Apple from finding and patching whatever vulnerability is being exploited.
Instead, Cellebrite requires law enforcement to send locked devices to their labs to keep techniques secret.
Cellebrite first garnered significant attention in 2016, when it was believed the company was enlisted to help the FBI break into the iPhone 5c of San Bernardino shooter Syed Farook after Apple refused to provide the FBI with tools to unlock the device.
The FBI did not use Cellebrite's services for that particular case, but several United States government agencies do regularly work with Cellebrite to unlock iOS devices.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
[ 112 comments ]
Top Rated Comments
(View all)
20 months ago
Wow, this is not good news for Apple, or Apple's customers
In before someone says if you're not criminal you have nothing to worry about.
20 months ago
I have no intention of becoming a criminal.....so I guess I am safe :)
Yeah, because (a) you KNOW that Cellebrite only sells to law enforcement (and law enforcement of a 'reputable' country, whatever that is), (b) Cellebrite has perfect security on their network and employees, and (c) no one else knows of the flaw.
If you read the book "Three Felonies A Day" you will know that given the subjective and voluminous number of laws on the books in the US (not to mention the number of laws around the world) the average person commits three felonies PER DAY. Even if that is off by a factor of 1000 (which seems unlikely) that is still > 1 per year. So whatever your "intention" is, is pretty much irrelevant.
Whether you are an Obama fan or a Trump fan or someone else fan, if you aren't concerned about the "other side" having this power in their hands, you should be.
20 months ago
Apple should just buy Cellebrite for the heck of it, figure out what exploit they are using, patch it, and close down the company. I know things don't work out this way but sure it would be nice!
20 months ago
I have no intention of becoming a criminal.....so I guess I am safe :)
Intent is not required citizen, only obedience.
20 months ago
At this point I think Celebrite has a mole in Apple's OS development department.
20 months ago
This should be illegal, especially since law enforcement has to send in the device to have it cracked. What stops them from tinkering with evidence in the worst case adding stuff that was never actually on the device
20 months ago
Wow, this is not good news for Apple, or Apple's customers
Nonsense. How exactly is this bad news for me? Am I going to have my phone hacked into by Cellebrite or someone else? No and no.
On a side note I found this interesting: “Instead, Cellebrite requires law enforcement to send locked devices to their labs to keep techniques secret.”
How does this factor in with chain of custody for evidence? How can you verify the data came from the customers device without being allowed to see how it was accessed? IIRC there was an issue with this in another case where the FBI dropped charges because they didn’t want to give up how they got the data. It was a child porn case as I recall.
[ Read All Comments ]
For this week's giveaway, we've teamed up with Vessel to offer MacRumors readers a chance to win a Signature 2.0 Backpack.
Vessel makes all kinds of backpacks, briefcases, and bags, but...
Discounts on the latest iMacs remain ongoing this month, with Amazon and B&H Photo now offering a new all-time-low price on the 27-inch Retina iMac with 8GB RAM and a 1TB Fusion Drive. This model...
Google and Apple calendars are not playing friendly right now.
As alerted to us by multiple MacRumors readers, there appears to be a syncing issue with Google Calendar and Apple's...
Apple Music today launched a new curated playlist called "New Music Daily," which as the name suggests, is updated every day with fresh songs.
Made up of "new music you simply...
Taylor Swift revealed today on Instagram that she will be the next partner in Apple's "Music Lab" sessions, which are available in Apple retail stores.
The Music Lab session will...
Satechi today announced the Type-C Dual Multimedia Adapter, which plugs into two of the MacBook Pro's USB-C ports to offer a handful of add-on ports.
In total, this includes: one 4K HDMI...
Spotify today announced that it is extending its free-trial period for Spotify Premium to three months, up from the previous one month that users would have to try out the paid service. With this...
OtterBox today announced a new expandable wireless charging system that it calls "OtterSpot," which includes one charging base that can power up multiple batteries and a smartphone...
