Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Iphone Privacy Security Software Apple Hardware Technology

Cellebrite Can Now Unlock Apple iPhone 6, 6 Plus (cyberscoop.com) 104

Patrick O'Neill writes: A year after the battle between the FBI and Apple over unlocking an iPhone 5c used by a shooter in the San Bernardino terrorist attack, smartphone cracking company Cellebrite announced it can now unlock the iPhone 6 and 6 Plus for customers at rates ranging from $1,500 to $250,000. The company's newest products also extract and analyze data from a wide range of popular apps including all of the most popular secure messengers around. From the Cyberscoop report: "Cellebrite's ability to break into the iPhone 6 and 6 Plus comes in their latest line of product releases. The newest Cellebrite product, UFED 6.0, boasts dozens of new and improved features including the ability to extract data from 51 Samsung Android devices including the Galaxy S7 and Galaxy S7 Edge, the latest flagship models for Android's most popular brand, as well as the new high-end Google Pixel Android devices."
This discussion has been archived. No new comments can be posted.

Cellebrite Can Now Unlock Apple iPhone 6, 6 Plus

Comments Filter:
  • by Anonymous Coward

    If they want my password that bad, I just may give it to them for $250,000.

  • Quite a range. I dearly hope the lower end of the range is for some Shleprock who forgot his passcode and the 250K fee is for any customer with the last name Government.
    • by Anonymous Coward

      "The company charges $1,500 to unlock an individual phone, while a yearly subscription to the service runs for $250,000, according to a report from the Intercept last year."

      • The FBI [reuters.com]spent close to a million on the San Bernadino iPhone 5C hack, but they also acquired the technique from the contractor.
        • Bleeding edge. Always happens in technology. You pay to be first.

          • Ah, to be fair, you most often still pay the fare to be 199th, 1999th, and so on... but the sooner you need your new shiny, relative to the competing contestants in your social circle (perhaps some social groups should be square or other geometric configurations), the more you have to pay for the oneupmanship.
      • by AmiMoJo ( 196126 ) on Friday February 24, 2017 @06:30AM (#53922875) Homepage Journal

        If I were one of the affected manufacturers, I'd get phones unlocked (in another name) and study them carefully when they came back. Maybe even install some spyware to try to figure out what Cellebrite is doing. And then fix those vulnerabilities.

    • by mysidia ( 191772 )

      It's probably a PAY PER USE Software license..... Clarified Analyzer was a commercial alternative
      to Wireshark that used to be used that. Each license Allows one-time or one-shot use of the software, and
      each time you want to go back and launch the program, and re-use it, then you need to buy another ticket.

      E.g. You buy 1 Cookie for $1500 which allows you to use the Smartphone unlocker software program One time on one device,
      and each smartphone you unlock decreases your licenses remaining counter, an

      • Alright, lets say I'm likely to use the license >1, but 200 times... what's the point at which it begins to pay dividends to own the subscription?
        • by cdrudge ( 68377 )

          Well, if you're only two options are $1500 for a single use or $250,000 for a subscription, then I would venture a guess that it would start to pay dividends at $250,000 / $1500, or after the 167th phone is unlocked.

  • by turkeydance ( 1266624 ) on Thursday February 23, 2017 @06:26PM (#53920959)
    with Kool and the Gang
  • Cellbrite is the next best thing to having someone like geohotz on the payroll. The forensics guys at my work swear by it as their go to tool for doing forensics collections of mobile devices.

  • by Anonymous Coward

    Help me understand the legal standing of Cellbrite.

    If I buy an iPhone 6 and circumvent the built-in encryption, am I not in violation of the DCMA? Yet when Cellbrite does it, and sells that service as a product it's not a DMCA violation but instead a legal offering to law enforcement (or anyone willing to pay the crazy fee)?

    Am I missing something here?

    • by Phusion ( 58405 )
      You're not missing anything, Govt and LE in general are above the law and can do whatever the fuck they want in the name of protecting us from evil.
      • Yep. Just look at any Police / Law Enforcement magazine. All sorts of things you can't (easily, legally) get. Those really cool looking H&K automatics that various Government Nasties run around with - you get the semi auto version. And the little clip. Useless in a firefight against Zombies.

        Flash bangs. Cell phone intercepts. MVRAPS.

        Makes you jealous, it does.

    • by Anonymous Coward

      If I buy an iPhone 6 and circumvent the built-in encryption, am I not in violation of the DCMA?

      It depends on exactly what you're decrypting, and who holds the copyright on the data being decrypted. If it's your data and you authorize the decryption (or if it's not-copyrightable information, like facts (but not "alt facts", as those are copyrightable expressions!)) then it is not a violation of DMCA.

      Yet when Cellbrite does it, and sells that service as a product it's not a DMCA violation but instead a legal

    • by jandrese ( 485 )
      Your identity isn't copyrighted, so there is no DMCA violation.
    • A lot of money is what you're missing.

    • by guruevi ( 827432 ) on Thursday February 23, 2017 @07:41PM (#53921353)

      Cellebrite is an Israeli company, the DMCA does not apply there. Moreover, the only one having a standing regards the DMCA would be Apple, not the victim, and the DMCA does not apply to the sovereign state of the US and thus by extension, law enforcement.

      • Moreover, the only one having a standing regards the DMCA would be Apple, not the victim,

        Not necessarily:

        The DMCA says:

        No person shall circumvent a technological measure that effectively controls access to a work protected under this title. The prohibition contained in the preceding sentence shall take effect at the end of the 2-year period beginning on the date of the enactment of this chapter.

        (1) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that—
        (A) is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof;
        (B) has only limited commercially significant purpose or use other than to circumvent protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof; or
        (C) is marketed by that person or another acting in concert with that person with that person’s knowledge for use in circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof.

        The data on the phone itself are copyrighted by the individual who created it. If I took any photo, typed up any e-mail, etc. it's considered a copyrighted work the instant it's created. You, as the individual, could claim that they violated the DMCA by breaking your effective technological method for preventing the distribution of your copyrighted work.

        There is the law enforcement exemption from the DMCA, but that seems to apply to law enforcement officers and government emp

    • Help me understand the legal standing of Cellbrite.

      If I buy an iPhone 6 and circumvent the built-in encryption, am I not in violation of the DCMA? Yet when Cellbrite does it, and sells that service as a product it's not a DMCA violation but instead a legal offering to law enforcement (or anyone willing to pay the crazy fee)?

      Am I missing something here?

      Good point!

  • 1) Pay $250K for the yearly subscription.
    2) Advertise phone unlocking nationwide for $500.
    3) Get 600 people to pay to unlock a phone (individuals, police agencies, private detectives, etc etc etc)
    4) $50K profit! Woo hoo!

    Get 1200 people to pay and make $100K profit. And so on...

    All I need is $250K to get started...and another $100K for advertising.

    • by guruevi ( 827432 )

      Most people's "stuff" isn't worth $600, at that price point, perhaps a few companies with dimwitted C-levels. Additionally, most devices backup automatically to iCloud or sync to your computer, so all you have to do is reset it and re-sync it.

      There is very little use for this tool, except law enforcement and spy stuff. Which is why it's so expensive.

      My question is: how does it actually work. Given all the security on the device, I wouldn't be surprised if this is just a temporary software hack.

      • Most people's "stuff" isn't worth $600

        So advertise on eBay that you'll unlock any iPhone for $20 and hope the masses respond, lol. :)

    • 1) Pay $250K for the yearly subscription. 2) Advertise phone unlocking nationwide for $500. 3) Get 600 people to pay to unlock a phone (individuals, police agencies, private detectives, etc etc etc) 4) $50K profit! Woo hoo!

      Get 1200 people to pay and make $100K profit. And so on...

      All I need is $250K to get started...and another $100K for advertising.

      Better yet buy all the stolen phones that are locked off eBay for super cheap, unlock them, sell full price and massively profit. You could do 100k a week.

  • Sounds like the shareholders of Cellebrite need to be strung up by their necks until dead for allowing the government to spy upon us.

    • OK, I'll add it to the list:

      1. So-called judges.
      2. The press.
      3. Cellebrite.

      • people need to defend themselves.

        there are hostiles out there that want to do us harm, either now or perhaps, later.

        these hostiles are GOVERNMENTS and CORPORATIONS.

        no one speaks for us, the individual, anymore. both those bad guys want to do us harm and do not have our best interests at heart.

        its time for a revolution. seriously, its over due.

        and if those treasonous corps and govs get punished by mobs, I don't think I'll lose any sleep over that ;)

    • by Anonymous Coward

      Lets add car manufacturers to the list for letting government employees drive around harassing us, weapons manufacturers that sell to the government, clothing and office equipment suppliers that sell to the government, food and utility companies that sell to the government...

      Rather than blaming a couple of dozen shareholders, perhaps you should look a little harder at the hundreds of millions of voters who continue to vote for candidates who allow the government to spy on 'us'.

  • Does that mean they found a way around the secure enclave?
    • Probably not. It probably doesn't actually work in anything other than a 'simple' case of faking a fingerprint unlock.
  • We should all store massive amounts of files that have nothing but random data in them.
    Give them names like NuclearCode.doc, fill some of the empty space on our hard drives with them.
    Attach them to every single Email and text we send.

    The NSA computers would screech to a halt wading through all the noise,
  • There is not, and never has been, any such thing as "privacy" on the Internet.

    This has been a public service announcement.

  • Last time we were talking about this, the consensus was that, with all it's flaws, the new iPhones are getting security quite right and that the Secure Enclave architecture should be incredibly safe against exactly these attacks.

    Dos anyone know what attack vector they have used here?
  • This technology is just a one-off request. There is no way it can get "out there".

    Said the F.B.I.

The truth of a proposition has nothing to do with its credibility. And vice versa.

Working...