An Israeli company that specializes in helping law enforcement agencies unlock cellphones announced it has found a way to break into any iPhone ever made, as well as many Android phones.
The Petah Tikva-based Cellebrite was reportedly the company the FBI used in 2016 to hack into the iPhone of the San Bernardino shooter after Apple refused the US government’s request to build a backdoor into its famously secure operating system.
The announcement from Cellebrite came in the form of an update this week to its website promoting the iPhone-hacking technology, dubbed “UFED Premium,” as “the only on-premise solution for law enforcement agencies to unlock and extract crucial mobile phone evidence from all iOS and high-end Android devices.”
The product enables a full file system extraction, allowing, in effect, a copy of the phone’s data to be transferred to a client’s computer. It lets law enforcement agencies obtain “access to 3rd party app data, chat conversations, downloaded emails and email attachments, deleted content and more,” the company boasts. “Increase your chances of finding the incriminating evidence and bringing your case to a resolution,” it says in its sales pitch.
It also highlights its ability to recover “unallocated data,” or the sometimes still-recoverable remnants of deleted files.
Cellebrite’s technology does not work remotely. It requires a specially designed device to be physically connected to the phone being hacked.
Cellebrite has faced widespread criticism for its refusal to reveal its methods to Apple so the tech giant’s security technicians can seal up the vulnerabilities.
The company has long argued that its help to law enforcement agencies brings greater benefit to the public.
“There’s a public safety imperative here. These capabilities are germane again to homicide, crimes against children, drug gangs, major public safety threats in any community,” the company’s chief marketing officer, Jeremy Nazarian, told Forbes in a March 2018 interview. “We feel an obligation to those serving the public safety mission to ensure those capabilities are preserved, to the extent that they can be.”
The company has also insisted that it requires potential clients to demonstrate they have the authority to access an iPhone or Android device before making their product available. It has also said the technology’s dependence on physically interfacing with the phones means it is unlikely to be misused.
But critics have noted that Cellebrite has had difficulty ensuring kits it has sent to clients remain with the clients. In February, Cellebrite phone-hacking kits were found on sale on eBay, while some clients have not returned the kits to Cellebrite after use, as the company requests.
There are also fears a Cellebrite kit could be reverse engineered to uncover vulnerabilities that the company continues to keep hidden from the cellphone makers.
Apple has long refused US law enforcement agencies’ requests to create backdoors to its operating system that would allow entry into customers’ phones, and works hard to patch vulnerabilities discovered by companies like Cellebrite that specialize in forensic hacking. The iPhone maker has argued that no backdoor or vulnerability is ever truly safe in the hands of law enforcement, as it could leak or be discovered independently.