FBI No Longer Needs Apple – Feds Apparently Unlocked an iPhone X Without Any Trouble
It appears the FBI won't have to fight Apple over iPhone unlocking since Cellebrite has reportedly found a way to unlock iOS 11 powered iPhones, including the latest iPhone X. The company has been advertising this new capability to its customers, the list that also includes the US government.
The latest report published by Forbes suggests Cellebrite can hack into iOS 11 iPhones, however, it is likely the ability is limited to earlier versions of iOS 11 when several exploits were discovered. Citing anonymous sources, the publication reported:
The company's literature for its Advanced Unlocking and Extraction Services offering now notes the company can break the security of "Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11." Separately, a source in the police forensics community told Forbes he'd been told by Cellebrite it could unlock the iPhone 8. He believed the same was most probably true for the iPhone X, as security across both of Apple's newest devices worked in much the same way.
Authorities managed to get iPhone X data without the 2016 fuss
The report also adds that the Department for Homeland Security managed to get into an iPhone X probably with the likely use of Cellebrite technology back in November 2017. It's surprising how quietly that went down after the 2016 battle between iPhone maker and the FBI. The agency had reportedly paid millions for breaking into an iPhone 5c, a particularly insecure product when compared to the latest models.
On that end, however, experts have raised concerns that the authorities may have simply lifted the device to the suspect's face to unlock it using Apple's Face ID recognition system. It remains unclear what method or technology was exactly used by law enforcement in the November case. However, the warrant claims the iPhone X was sent to a Cellebrite-trained specialist for forensic extraction, potentially ruling out the "forced lift to unlock" concerns.
Cellebrite and other vulnerability hoarders have come under scrutiny on numerous occasions for their focus on using exploits rather than helping companies to patch them. Experts warn that these exploits that are known to private companies put not only the end users, but particularly the government and intelligence officials at security risk. "All of us who're walking around with this vulnerability are in danger," Adam Schwartz of Electronic Frontier Foundation said.
"When it comes to the international border, as the EFF has argued in court and in Congress, the government really needs to get a warrant before it searches our phones. It's all the more true when we see the ever expanding power of governments to get into those phones."
It should be noted that this purported iOS 11 hack requires physical access to the device. Probably not a concern for the end user, this does make the job easier for state sponsored hackers and government officials, if it's indeed the latest versions of iOS 11 that remain vulnerable. In any case, keep your products up to date as it reduces your exposure to known vulnerabilities.