Cellebrite Can Now Unlock Apple iPhone 6, 6 Plus (cyberscoop.com) 104
Patrick O'Neill writes: A year after the battle between the FBI and Apple over unlocking an iPhone 5c used by a shooter in the San Bernardino terrorist attack, smartphone cracking company Cellebrite announced it can now unlock the iPhone 6 and 6 Plus for customers at rates ranging from $1,500 to $250,000. The company's newest products also extract and analyze data from a wide range of popular apps including all of the most popular secure messengers around. From the Cyberscoop report: "Cellebrite's ability to break into the iPhone 6 and 6 Plus comes in their latest line of product releases. The newest Cellebrite product, UFED 6.0, boasts dozens of new and improved features including the ability to extract data from 51 Samsung Android devices including the Galaxy S7 and Galaxy S7 Edge, the latest flagship models for Android's most popular brand, as well as the new high-end Google Pixel Android devices."
Re: (Score:2, Interesting)
How do you know Cellebrite isn't an Apple funded offshoot to funnel govt money in exchange for backdoors.
Re: (Score:2)
How do you know Cellebrite isn't an Apple funded offshoot to funnel govt money in exchange for backdoors.
How do we know you're not Vladimir Putin, or worse yet, Steve Bannon?
Re: Awesome! (Score:1)
Only Apple cares about our privacy? (Score:1)
Although intriguing and saddening that they've unlocked the iPhone 6 (but not 6s?).
What's more intriguing is that, why are Android phones so easy to break?!
... I guess everyone is aware [softpedia.com] that Google is a corporate spying empire [huffingtonpost.com], and yet there are people here who still argue against Apple and advocate for Android spyware [theregister.co.uk]?
And why is it we never hear from Google/Microsoft wanting to protect its users against government surveillance, unlike Apple [apple.com].
Would you advocate GMail/Hangouts over Signal/Telegram/WhatsApp ?
Re: (Score:2)
Well, heck... (Score:1)
If they want my password that bad, I just may give it to them for $250,000.
Re: (Score:1)
Indeed.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
I have wondered about different virtual machines on a phone. The retina lock might get one the VM for a workspace for personal stuff, while to access business data, it would require a fingerprint and PIN. Done right, there would be plausible deniability for this... and more importantly, it would separate business and personal stuff.
Re: And that's why (Score:4, Funny)
I remember doing that a few decades ago. I worked at ScumSoft, Inc. and since I was very sick the only way to open my office door was to use a photocopy of my face I did a week earlier.
Re: (Score:1)
Re: (Score:2)
Alright... I'll just do a quick stop at Monolith Burger first. I heard they have Astro Chicken II: Revenge of the Landing Drone Ship.
$1500 to $250,000 (Score:2)
Re: $1500 to $250,000 (Score:3, Informative)
"The company charges $1,500 to unlock an individual phone, while a yearly subscription to the service runs for $250,000, according to a report from the Intercept last year."
Re: (Score:2)
Re: (Score:2)
Bleeding edge. Always happens in technology. You pay to be first.
Re: (Score:2)
Re: $1500 to $250,000 (Score:4, Insightful)
If I were one of the affected manufacturers, I'd get phones unlocked (in another name) and study them carefully when they came back. Maybe even install some spyware to try to figure out what Cellebrite is doing. And then fix those vulnerabilities.
Re: (Score:2)
It's probably a PAY PER USE Software license..... Clarified Analyzer was a commercial alternative
to Wireshark that used to be used that. Each license Allows one-time or one-shot use of the software, and
each time you want to go back and launch the program, and re-use it, then you need to buy another ticket.
E.g. You buy 1 Cookie for $1500 which allows you to use the Smartphone unlocker software program One time on one device,
and each smartphone you unlock decreases your licenses remaining counter, an
167 (Score:2)
Re: (Score:2)
Well, if you're only two options are $1500 for a single use or $250,000 for a subscription, then I would venture a guess that it would start to pay dividends at $250,000 / $1500, or after the 167th phone is unlocked.
Re: (Score:2)
I believe it. Fingerprint scanning was once a really loosey goosey way of providing the illusion of security, but where easily fooled using some pretty low tech. Although a hotdog sure seems to be pretty low tech.. Even on a good day, finger print scanning is pretty bad, either giving you a really high false positive or really high reject rates, even today, when the horse power needed to sort though a pile of prospective fingerprints looking for a match is more readily available.
Think of it as a really b
Re: (Score:2)
Re: (Score:2)
Cellebrite (Score:3)
Re: (Score:2)
Some of us have jobs.....Maybe we could switch to using walki talkies that would solve some of the problem but create a lot of new ones: extra device, everyone and their dog with a scanner can hear and limited range.
Re: (Score:1)
Re: (Score:3)
Such a brave stance that--- Well, although many of us are indeed too dependent on our smartphones, they offer real utility beyond taking pictures of our food.
There is nothing about the cellular system that is secure. So use what you use as long as you are comfortable with it. AC has some weird ideas that he is somehow immune to the tracking and other possibilities that are just inherent in the system. If LE is interested, any time his phone connects to a couple towers, he's nailed. I'm not inclined to do anything illegal, but if I was, none of it would be on my cell or computer. I use the hell out of my smartphone for trip mapping and location services. The occa
Re: (Score:2)
I'm surprised more criminals don't give their phones to someone else while they are breaking the law, to create an alibi. The cops will get the cell records and datarape the phone, generating evidence that can then be used in the criminal's own defence.
Re: (Score:2)
I'm surprised more criminals don't give their phones to someone else while they are breaking the law, to create an alibi. The cops will get the cell records and datarape the phone, generating evidence that can then be used in the criminal's own defence.
And here's one that always gets me into trouble on Slashdot. I am perfectly happy to have my gas purchases easily found. I even broadcast my position via APRS, which timestamps my location and broadcasts it to the world That's a s part of a hobby. I don't care about cell phone tracking, or video camera recording. While many here think that they need to be ghosts, I've figured that this stuff will stand a better chance of giving me a very good alibi if I need one. Some people who have been accused of crimes
Re:One more reason to own a smartphone (Score:2)
Re: (Score:3)
I'll keep my secrets in my head and stick to a $50 dumbphone with nothing in it and not even turned on for more than 1 hour a day. Seriously you people so attached to your goddamned smartphones are pathetic and I pity you.
Grandpa Gribble? they let you out of the home again?
If you are that shit shakingly paranoid about security, why on earth are you even using a device whose main feature is to track you? Without that tracking, the cellular system doesn't function. And they even keep logs.
That one hour you have it turned on, your phone is alerting your presence to teh authorities, and they be a comin ta get ya!
Re: One more reason to never own a smartphone (Score:1)
Why did what he said make you so angry?
Re: (Score:2)
Why did what he said make you so angry?
Huh? I was in full tease mode. Kinda like when your crazy uncle Louie shows up at family gatherings and brags about not having an email address, and I tease him about all the women he must get by being such an independent stud. In this case, I just gave AC a little telling. Maybe he takes telling, maybe not. If I had to assign an emotion to it, it might be to feel badly because I ridiculed the guy who thinks that he is somehow more "secure" because of having a feature phone, or whatever it is he has. Then a
Re: (Score:2)
Whoa, slow down there George Jetson. I don't even have a cellphone.
I only communicate over ham radios using Morse Code to transmit ciphertext that can only be decoded with a one-time pad provided to me through a dead-drop.
Cellbrite is the next best thing (Score:2)
Cellbrite is the next best thing to having someone like geohotz on the payroll. The forensics guys at my work swear by it as their go to tool for doing forensics collections of mobile devices.
Pirate vs. Entrepreneur? (Score:2, Interesting)
Help me understand the legal standing of Cellbrite.
If I buy an iPhone 6 and circumvent the built-in encryption, am I not in violation of the DCMA? Yet when Cellbrite does it, and sells that service as a product it's not a DMCA violation but instead a legal offering to law enforcement (or anyone willing to pay the crazy fee)?
Am I missing something here?
Re: (Score:1)
Re: (Score:2)
Yep. Just look at any Police / Law Enforcement magazine. All sorts of things you can't (easily, legally) get. Those really cool looking H&K automatics that various Government Nasties run around with - you get the semi auto version. And the little clip. Useless in a firefight against Zombies.
Flash bangs. Cell phone intercepts. MVRAPS.
Makes you jealous, it does.
Re: (Score:1)
That's where being a hardware hacker gets you free shit. cheaper normally.
Re: (Score:1)
It depends on exactly what you're decrypting, and who holds the copyright on the data being decrypted. If it's your data and you authorize the decryption (or if it's not-copyrightable information, like facts (but not "alt facts", as those are copyrightable expressions!)) then it is not a violation of DMCA.
Re: (Score:2)
Re: (Score:2)
A lot of money is what you're missing.
Re:Pirate vs. Entrepreneur? (Score:4, Informative)
Cellebrite is an Israeli company, the DMCA does not apply there. Moreover, the only one having a standing regards the DMCA would be Apple, not the victim, and the DMCA does not apply to the sovereign state of the US and thus by extension, law enforcement.
Re: (Score:2)
Moreover, the only one having a standing regards the DMCA would be Apple, not the victim,
Not necessarily:
The DMCA says:
No person shall circumvent a technological measure that effectively controls access to a work protected under this title. The prohibition contained in the preceding sentence shall take effect at the end of the 2-year period beginning on the date of the enactment of this chapter.
(1) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that—
(A) is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof;
(B) has only limited commercially significant purpose or use other than to circumvent protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof; or
(C) is marketed by that person or another acting in concert with that person with that person’s knowledge for use in circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof.
The data on the phone itself are copyrighted by the individual who created it. If I took any photo, typed up any e-mail, etc. it's considered a copyrighted work the instant it's created. You, as the individual, could claim that they violated the DMCA by breaking your effective technological method for preventing the distribution of your copyrighted work.
There is the law enforcement exemption from the DMCA, but that seems to apply to law enforcement officers and government emp
Re: (Score:2)
Help me understand the legal standing of Cellbrite.
If I buy an iPhone 6 and circumvent the built-in encryption, am I not in violation of the DCMA? Yet when Cellbrite does it, and sells that service as a product it's not a DMCA violation but instead a legal offering to law enforcement (or anyone willing to pay the crazy fee)?
Am I missing something here?
Good point!
Devils advocate, isn't this protected by the DMCA? (Score:1)
n/t
Re: (Score:2)
People who ask for this are above the law, either cops who don't care if what they do is illegal, or criminals who don't care.
Profit! (Score:2)
1) Pay $250K for the yearly subscription.
2) Advertise phone unlocking nationwide for $500.
3) Get 600 people to pay to unlock a phone (individuals, police agencies, private detectives, etc etc etc)
4) $50K profit! Woo hoo!
Get 1200 people to pay and make $100K profit. And so on...
All I need is $250K to get started...and another $100K for advertising.
Re: (Score:2)
Most people's "stuff" isn't worth $600, at that price point, perhaps a few companies with dimwitted C-levels. Additionally, most devices backup automatically to iCloud or sync to your computer, so all you have to do is reset it and re-sync it.
There is very little use for this tool, except law enforcement and spy stuff. Which is why it's so expensive.
My question is: how does it actually work. Given all the security on the device, I wouldn't be surprised if this is just a temporary software hack.
Re: (Score:2)
Most people's "stuff" isn't worth $600
So advertise on eBay that you'll unlock any iPhone for $20 and hope the masses respond, lol. :)
Re: (Score:2)
1) Pay $250K for the yearly subscription. 2) Advertise phone unlocking nationwide for $500. 3) Get 600 people to pay to unlock a phone (individuals, police agencies, private detectives, etc etc etc) 4) $50K profit! Woo hoo!
Get 1200 people to pay and make $100K profit. And so on...
All I need is $250K to get started...and another $100K for advertising.
Better yet buy all the stolen phones that are locked off eBay for super cheap, unlock them, sell full price and massively profit. You could do 100k a week.
Sounds like Cellebrite is an enemy of the people (Score:3, Insightful)
Sounds like the shareholders of Cellebrite need to be strung up by their necks until dead for allowing the government to spy upon us.
Re: (Score:2)
OK, I'll add it to the list:
1. So-called judges.
2. The press.
3. Cellebrite.
Re:Sounds like Cellebrite is an enemy of the peopl (Score:4)
people need to defend themselves.
there are hostiles out there that want to do us harm, either now or perhaps, later.
these hostiles are GOVERNMENTS and CORPORATIONS.
no one speaks for us, the individual, anymore. both those bad guys want to do us harm and do not have our best interests at heart.
its time for a revolution. seriously, its over due.
and if those treasonous corps and govs get punished by mobs, I don't think I'll lose any sleep over that ;)
Re: (Score:1)
Lets add car manufacturers to the list for letting government employees drive around harassing us, weapons manufacturers that sell to the government, clothing and office equipment suppliers that sell to the government, food and utility companies that sell to the government...
Rather than blaming a couple of dozen shareholders, perhaps you should look a little harder at the hundreds of millions of voters who continue to vote for candidates who allow the government to spy on 'us'.
Secure enclave (Score:2)
Re: (Score:2)
Re: (Score:2)
Might be. There are many academic papers discussing TrustZone bypass with physical access.
Apple has their own "TrustZone" enhancements.
Random number generator (Score:2)
Give them names like NuclearCode.doc, fill some of the empty space on our hard drives with them.
Attach them to every single Email and text we send.
The NSA computers would screech to a halt wading through all the noise,
Gentle reminder (Score:2)
There is not, and never has been, any such thing as "privacy" on the Internet.
This has been a public service announcement.
what about the Secure Enclave? (Score:2)
Dos anyone know what attack vector they have used here?
This technology ... (Score:1)
Said the F.B.I.