Israel-based Cellebrite, a company that has forged a strong commercial bond with a number of US government departments, claims its engineers have the ability to get around the security of any device running iOS 11 - including the iPhone X with FaceID. They have already had success, according to one arrest warrant and the associated brief of evidence in a US case which could have global repercussions.
Ever since the FBI and Apple locked horns over the San Bernardino shootings and Apple said they were not able to decrypt the data on an iPhone 5C used by the alleged shooters, there has been an escalating argument regarding the obligations on hardware and software companies to provide assistance to law enforcement agencies when it comes to accessing encrypted data.
But this report from Forbes suggests Cellebrite is offering to unlock any iOS device for just US$1500 per unlock. Given it's rumoured the FBI paid US$1M to unlock the San Bernardino phone, that's a bargain.
What isn't clear is whether the company is using a vulnerability that they have kept to themselves and not reported, if they are using some sort of brute-force mechanism, or the hack requires hardware access. Either way, if you're an iPhone owner it's possible your device may not be as secure as you think.
There's also an interesting ethical conundrum. Cellebrite makes its money by breaking into devices, presumably by researching and hoarding vulnerabilities. Many people believe that such vulnerabilities should be disclosed to manufacturers so they can make safer products for all of us. But Cellebrite's actions are more like those of threat actors who use vulnerabilities for personal gain. Whether this is ethical is an interesting question.
What do you think?