Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Privacy Security

Leaked Docs Show What Phones Cellebrite Can and Can't Unlock (404media.co) 41

Cellebrite, the well-known mobile forensics company, was unable to unlock a sizable chunk of modern iPhones available on the market as of April 2024, 404 Media reported Wednesday, citing leaked documents it obtained. From the report: Mobile forensics companies typically do not release details on what specific models their tools can or cannot penetrate, instead using vague terms in marketing materials. The documents obtained by 404 Media, which are given to customers but not published publicly, show how fluid and fast moving the success, or failure, of mobile forensic tools can be, and highlights the constant cat and mouse game between hardware and operating manufacturers like Apple and Google, and the hacking companies looking for vulnerabilities to exploit.

[...] For all locked iPhones able to run 17.4 or newer, the Cellebrite document says "In Research," meaning they cannot necessarily be unlocked with Cellebrite's tools. For previous iterations of iOS 17, stretching from 17.1 to 17.3.1, Cellebrite says it does support the iPhone XR and iPhone 11 series. Specifically, the document says Cellebrite recently added support to those models for its Supersonic BF [brute force] capability, which claims to gain access to phones quickly. But for the iPhone 12 and up running those operating systems, Cellebrite says support is "Coming soon."

This discussion has been archived. No new comments can be posted.

Leaked Docs Show What Phones Cellebrite Can and Can't Unlock

Comments Filter:
  • Regardless of brand, OS and version. For example, a primary reason for a removable battery is to be able to reliably (!) switch a phone off.

    • by Samuel Silverstein ( 10475946 ) on Wednesday July 17, 2024 @02:44PM (#64633415)
      Seems they struggle with graphene os. No Google stuff in it by default, but you can install it and have it heavily sandboxed. Plus you get a ton of control over what apps have access to, well beyond what stock Android provides. WhatsApp thinks it has access to my contacts, but it really doesn't.
      • by AmiMoJo ( 196126 )

        The vulnerabilities have nothing to do with Google apps, not having those won't help you. It's mostly down to the phone's firmware, the bootloader and the way it stores the encryption keys for the flash memory.

        Modern versions of Android have a system where the OS is encrypted with one key so that the phone can boot up, and then another key is required to unlock the user's data files. The keys are normally stored in a secure part of the phone's SoC, which also contains the CPU and various peripherals.

        So eith

  • Paywall (Score:1, Informative)

    by io333 ( 574963 )

    Linkers of paywalls go to Pound-Me-In-The-Ass-Federal-Prison

  • Once you have physical access to the hardware, getting in becomes far easier.

    • Despite the encryption the US government has, they still require any discarded storage media to be shredded up and for a good reason.
  • Does Apple fix (or try to fix) any security flaws that allow these devices to get into their phones?

    • by UnknowingFool ( 672806 ) on Wednesday July 17, 2024 @04:18PM (#64633587)
      The current iOS 17 appears to have releases at least once a month. It was first launched in September 2023 with the currrent minor version being 17.5.1 as of May 20, 2024. It seems to be an ongoing battle between Apple and Cellebrite when it comes to security patches.
    • Why do you think these docs are only public when leaked? They go out of their way to not let Apple know about the security flaws that pays their bills.

      Also that would be very clearly why 17.4 is currently not unlockable.

    • by gnasher719 ( 869701 ) on Thursday July 18, 2024 @03:33AM (#64634521)
      Since they cannot attack ios 17.4 right now, there will be some code change from iOS 17.3 that prevents some attack, either intentionally or unintentional.

      Unintentional would be: Apple dev finds a bug and fixes it, without thinking too much about the consequences of the bug. Itâ(TM)s wrong, so you fix it. Or: Thereâ(TM)s a bug that allows changing memory location X, and changing X is an attack vector. Some random code change leaves the bug, but it now changes location Y, which is harmless. Y might be inside a decoded image so all you get is some pixels incorrect, while X was inside an undecoded image and exploits a bug in the decoder.
  • by bubblyceiling ( 7940768 ) on Wednesday July 17, 2024 @02:45PM (#64633417)
    Based on the matrix for iOS, these are the same limitations as for "checkm8", which is very widely used exploit and is well known. As such these limitations sound like they would only apply to their standard UFED Kit.

    The cloud based "Premium Service" probably costs a lot more and I find it very hard to believe that they would be relying on checkm8 for that. In all likelihood they have some 0-days lined up for customers willing to pay. As the article also says

    ... Cellebrite Premium, a service that either gives the client’s UFED more capabilities, is handled in Cellebrite’s own cloud, or comes as an “offline turnkey solution,” according to a video on Cellebrite’s website. That video says that Cellebrite Premium is capable of obtaining the passcode for “nearly all of today’s mobile devices, including the latest iOS and Android versions.”
    • nearly all of today’s mobile devices, including the latest iOS and Android versions

      Very weasely wording. They could mean nearly all of the latest iOS and Android versions rather than just nearly all of the hardware.

  • There's no phone they can't unlock. There's always some trick, some vulnerability, and it's just a matter of having a determined hacker work on the device for long enough. This is just a ruse to give criminals and terrorists a false sense of security.

  • Still not owning a smartphone. $40 plastic semi-dumbphone (runs a very stripped-down version of Android). Every month that passes I seem to have even more reasons to never own a smartphone, and the list of reasons to get one never increases. Also enjoying that whopping $25 per month to use it.
    • How do you send E2EE messages or do you just not bother with that phone?
      • *shrug* I don't.

        I pay for Proton email since I got fiber internet, and that's E2EE, but I don't even consider that to be secure.

        If I want 'secure communications' I'll have a F2F conversation with someone, but considering that I'm not an intelligence operative or a criminal, there's very little I ever have to discuss with anyone that's so sensitive I'd worry about being surveilled.

        Also what makes you think your smartphone is in any way shape or form secure, regardless of what 'app' you use? Your phone com

    • Which just means that's not where your secrets are stored. Either you have to hide your paper really well or you are using some other electronic device.

      • If I have any secrets, they're in my head and nowhere else. Even if you seize all my computers all you're going to find are some very meticulous records of what I eat every day, and a rather sad little collection of porn clips.
    • Congratulations!!

      I only pay $12.50/month to use my phone.

    • Reminds me of the 'Annedroyids'(not an actual name) which were just gussied up feature phones with a touchscreen and UI specifically crafted in hopes in tricking buyers into thinking they were getting an actual Android phone instead of the J2ME running crap they were trying to replace. Kind of like selling a Magnetbox or a Sorny.
      • Except I wasn't fooled into anything, I specifically chose a non-smartphone. Doesn't even have a touchscreen (thankfully. I hate touchsceens). It's about as close to an old Nokia phone as you can get without being an old Nokia phone. The only thing I don't care for is multi-tap for text messages, can be really tedious at times.
  • Even as a foreigner, if I sold a tool to decrypt a commercial encryption scheme to Americans I'd be violating the DMCA right? Is what they are doing specifically exempt or are they just getting away with it because the government chooses to turn a blind eye? Why do I risk jail for hacking my tractor but they can legally break into a strangers phone?

    • The DMCA is about copyright violations. And you can go against copyright violators. But making tools is not part of DMCA.

      The unabomber claimed that publishing his blackmail letters (to catch him) was copyright violation. Which was basically admitting guilt, because only the copyright holder can sue.
    • "For thee but not for me". The butt end of a double standard always applies to the plebs.
  • by bill_mcgonigle ( 4333 ) * on Wednesday July 17, 2024 @11:16PM (#64634283) Homepage Journal

    https://superchargednews.com/2... [superchargednews.com]

    No email signup nonsense to read.

    But tldr: iOS 17.4+ or Pixel 6/7/8.

  • by gnasher719 ( 869701 ) on Thursday July 18, 2024 @03:23AM (#64634513)
    "Supports iPhone XR and iPhone XSâ. Itâ(TM)s not quite what I would call âoesupportingâ.

    But they cannot hack iPhone 12 and newer. Thatâ(TM)s four complete generations. I assume there is hardware in an iPhone 11 that they can attack and that apple cannot fix for less than the price of an iPhone 12 on eBay.
  • For me, the interesting part is that Pixel 6 is protected, but other more recent Androids lie the S24 are not.
    Since they are all running the same basic Android versions, I'd LOVE to know what the diferences are.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...