Forensics firm claims it can break into every iPhone

By

GrayKey can bypass iPhone security
Don’t expect locking your iPhone to keep police from accessing it.
Photo: Ed Hardy/Cult of Mac

A company staffed with white-hat hackers apparently made a breakthrough in unlocking iPhones and iPads. Cellebrite says it is offering law enforcement agencies access to every bit of data on any iOS device.

The Israeli company has been in this business for years. The FBI reportedly turned to Cellebrite to unlock an iPhone owned by a shooter from San Bernardino, California, that was at the center of a controversy, but the job supposedly had to be done by others.

Now Cellebrite has apparently upped its game, taking to Twitter to boast it can unlock any iOS device, as well as most Android ones.

The firm’s website goes on to say it can “bypass or determine locks and perform a full file system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction.” That includes “access to 3rd party app data, chat conversations, downloaded emails and email attachments, deleted content and more.”

The company doesn’t do this out of the goodness of its heart; police around the world pay for this service. Exactly what Cellebrite charges for UFED Premium is not publicly available.

Apple versus Cellebrite and hackers of all kinds

Cellebrite offers its services only to law-enforcement agencies, which doesn’t stop its tools from showing up on eBay at rock-bottom prices.

Apple does all it can to frustrate Cellebrite and similar companies. It takes strong stance on protecting the privacy of users, even if that means locking out U.S. police. “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs,” the company told Reuters last year.

But iPhones are used in countries where police are lax about citizen rights. And the same cracking tools can be used by criminals, spies, and even unscrupulous private investigators. That’s why Apple says it will continue to try to make it impossible for someone to hack into any iOS device.

Cellebrite and similar companies take advantage of weaknesses they’ve discovered in iOS security. Apple would prefer these companies notify it of these so the security holes can be closed, rather than the hackers profiting from them. This is because the exploit(s) Cellebrite is using could also be employed by criminals.

In time, it’s likely Apple will find and fix the security workaround this company is using. But then Cellebrite will probably find a new way to hack into iPhones. This will eventually be closed, but the cycle is expected to continue.