ras-slava - Fotolia
Cellebrite claims it can unlock Apple devices, but questions remain
News roundup: Cellebrite claims it can unlock Apple devices, according to a Forbes report. Plus, iCloud encryption keys will now be stored in China, and more.
U.S. government contractor Cellebrite claims it can unlock Apple devices that use any of the iOS operating systems up to the current version.
Forbes reported earlier this week that the Israel-based vendor started telling its customers it now has the ability to bypass the security protections in iOS to unlock Apple devices. Forbes said it was told by anonymous sources that Cellebrite developed "undisclosed techniques" to unlock Apple devices, and the company was advertising these techniques as a service to law enforcement and forensic specialists.
The report also noted that some of Cellebrite's documentation now includes this service. In one datasheet, Cellebrite listed "Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11" as options for its Advanced Unlocking and Extraction Services.
Forbes also reported that in order for law enforcement to take advantage of Cellebrite's supposed discovery, they have to send the device to Cellebrite to unlock it in its labs for a fee. At the lab, Cellebrite would put the device through its Advanced Unlocking service, which Cellebrite said "can determine or disable the PIN, pattern, password screen locks or passcodes on the latest Apple iOS and Google Android devices."
Then, it would go through Advanced Extraction services, which "enable forensic practitioners to retrieve the full file system to recover downloaded emails, third-party application data, geolocation data and system logs, without needing to jailbreak or root the device," according to the vendor.
An update to the Forbes report a few days later said Cellebrite provided it with further detail and claimed it can unlock Apple devices running all iOS versions up to 11.2.6, which is the most recent version of the operating system.
"Once the device is unlocked and/or extracted, it is returned to the originating agency," Cellebrite said on its website. "Any extracted data is also sent to the agency in encrypted form to ensure privacy and protect operational information."
Security experts are skeptical of the claim that Cellebrite can unlock Apple devices, and Cellebrite has offered no official statement or provided any further details about its methods.
Apple also went head-to-head with the FBI following the 2015 shooting in San Bernardino, Calif., in which 14 people were killed. The FBI was unable to unlock the shooter's iPhone, and Apple refused to help the agency break into the phone. The FBI demanded Apple create a backdoor on its devices just for law enforcement, and the matter went to court, though the suit was eventually dropped.
Cellebrite and Apple had not responded for comments at the time of writing.
In other news:
- The Office of Management and Budget (OMB) issued formal guidance this week for federal agencies to modernize its IT systems. The guidance is meant to walk the agencies through implementing the Modernizing Government Technology Act, which was enacted in 2018 as part of the National Defense Authorization Act. OMB Director Mick Mulvaney said in the memo that the Modernizing Government Technology Act will "allow agencies to invest in modem technology solutions to improve service delivery to the public, secure sensitive systems and data, and save taxpayer dollars." According to the memo, federal agencies will need to submit proposals to an interagency board that is set to be established on March 12.
- Apple is going to start storing Chinese iCloud encryption keys in China for the first time. Until now, all keys have been stored in the U.S., meaning any government agency or law enforcement would have to go through the U.S. legal system to access the encryption keys. Now, Chinese authorities won't have to do that and will only have to go through their own legal system to access the keys and gather information on Chinese iCloud users. According to a Reuters report, human rights activists are concerned about this move by Apple, because they fear the Chinese government could use the information to monitor and find dissidents. Apple has said it's making this change to comply with new Chinese laws, and iCloud users can expect the same level of encryption protection.
- The U.S. Cyber Command chief and director of the National Security Agency, Michael Rogers, said this week that he has not received specific instructions from President Donald Trump to disrupt Russian cyberattacks that target U.S. elections. Rogers told the Senate Armed Services Committee on Tuesday, "I haven't been granted any additional authorities," and any kind of directive would have to come from Trump. Rogers said, while he also hasn't requested any additional authority on the matter, he has directed the cyber mission force -- which is part of the U.S. Cyber Command -- to start on some specific work on Russian cyberattacks, though he didn't disclose any further details. When pushed by Democrats that not enough is being done to stop or punish the Russians, Rogers also said what has been done so far has not been sufficient to deter cybercriminal behavior from nation states.