Sophos News

Can the FBI really unlock ANY iPhone in existence?

US media giant Forbes is making a bold claim: the FBI can now unlock every iPhone in existence.
Actually, that’s not exactly what Forbes said – the headline used the slang term “Feds”, referring not just to the FBI, but to law enforcement in general and, by obvious association, to the world’s various intelligence services, too.
And, to be precise, Forbes put the word “probably” in the headline, too, neatly wrapped in brackets in a way that probably made the Forbes lawyers much happier.
So, according to Forbes, law enforcement agencies may be able to unlock many or most iPhones in use out there.

Is it true?

The company that caused Forbes to make this dramatic claim is one we’ve mentioned before on Naked Security: Cellebrite.
Cellebrite is headquartered in Israel, but owned by Suncorporation, a Japanese company broadly associated with video gaming and the pachinko industry. (A pachinko machine is a type of slot machine popular in Japan.)
You may recall that the FBI famously (or infamously, depending on where you stand in the phone unlocking debate) broke into the iPhone 5C of the dead San Bernardino terrorist and mass murderer Syed Rizwan Farook.
At first, no one quite knew how the FBI did it.
We speculated that there were several approaches the cops might have used:

In the end, it seems that Cellebrite helped out in the San Bernardino case, in a phone hack that was claimed to have cost close to $1,000,000 in total, and that involved a system that worked only on a “narrow slice of phones,” apparently including the iPhone 5C but not the iPhone 5s or later.

What now?

Now, if Forbes is to be believed, Cellebrite has extended the range of phones it can successfully unlock, according to the company’s own marketing material:

Devices supported for Advanced Unlocking and Extraction Services include:
Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11.
Google Android devices, including Samsung Galaxy and Galaxy Note devices; and other popular devices from Alcatel, Google Nexus, HTC, Huawei, LG, Motorola, ZTE, and more.

Of course, Cellebrite isn’t openly promising that it can always get everything off the systems listed above, merely that those devices “are supported”.
And Cellebrite isn’t saying which sorts of device it’s willing to take a go at – newer ones generally have more secure hardware to enforce the security coded into the software.
You have to send the device to a Cellebrite office; it’s sent back unlocked, if possible – obviously, Cellebrite can’t guarantee to unlock any phone out there, not least because a confiscated device could, in fact, already be irreparably damaged.
But would Cellebrite go to the trouble of inviting law enforcement agencies to send “devices of interest” to a Cellebrite lab if it didn’t think it had a fair chance of getting in?
Does Cellebrite have an exploitable vulnerability up its sleeve that neither Apple nor the jailbreaking community has yet discovered?
Despite Forbes’s bullish (or bearish, depending on where you stand in the phone unlocking debate) claims, we simply can’t say.

What to do?

Let’s assume the worst – namely that Cellebrite does have a pair of iPhone and Android zero-day aces in the hole.
In a way, there’s some good news in that scenario: you can bet your boots (and your trendy phone case) that Cellebrite will go many miles out of its way not to let those zero-days become known, because they’re the geese that lay the golden purchase orders.
So, even if Cellebrite is willing to have a go at cracking phones, for a fee, your device still isn’t wide open to just anyone.
In other words, the following simple precautions are well worth taking:

