UPDATED 22:55 EDT / FEBRUARY 26 2018

INFRA

Israeli security firm Cellebrite claims to be able to hack iOS 11

Israeli security company Cellebrite, a major U.S. government contractor perhaps best known as the company that assisted authorities to crack the iPhone used by the San Bernardino massacre shooter, is now claiming to have found a way to unlock nearly every iPhone on the market.

The claim suggests that iOS 11 isn’t as secure as Apple Inc. claims it to be. According to Forbes, the firm hasn’t made any major public announcement about its new iOS capabilities, but two sources claimed that the iPhone hacking breakthrough, involving undisclosed techniques to get into iOS 11, occurred recently and the company is advertising the fact to law enforcement and private forensics folks worldwide.

Adocument currently sitting on Cellbrite’s own server, dated from January, makes the following claims, meaning that the ability to hack iOS 11 may not be such a big secret after all:

Devices supported for Advanced Unlocking and Extraction Services include:

Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11.

Google Android devices, including Samsung Galaxy and Galaxy Note devices; and other popular devices from Alcatel, Google Nexus, HTC, Huawei, LG, Motorola, ZTE, and more.

“This is certain to elevate the debate between technology firms and law enforcement about data privacy and access,” Ben Johnson, co-founder and chief technology officer of Obsidian Security Inc., told SiliconANGLE. But in the current climate, he said, nothing is really private.

“If you have information on a device, people who are determined to get it — whether that’s government entities or hackers — probably can,” Johnson said. “While that is concerning for consumers, we should expect that companies like Apple will only use these tools to their advantage to patch any vulnerabilities that they may exploit.”

Discussing the broader ramifications, Rod Soto, director of security research at JASK, noted that keeping new exploits secret in the name of security or for law enforcement is dangerous.

“In addition to this potentially impacting civil rights and due process, it also relies heavily on the ability of Cellebrite (and similar firms) to keep the code out of the hands of malicious actors,” Soto said. “It’s difficult to do this, as evidenced by the leaks of NSA exploitation code. Once bad actors gain access to tools like these, they can move on aggressive mass exploitations that have the potential to cause extensive losses and, in some cases, put the general population’s well-being at risk.”

Photo: intelfreepress/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU