Cellebrite made a name for itself in the wake of the San Bernardino terrorist attack and other incidents where law enforcement agencies have wanted to break into locked and encrypted smartphones. The company, which is obviously popular with law enforcement agencies, found itself in a game of ‘whack-a-mole’ as phone makers upped the ante and added security features that rendered its devices useless on newer hardware and software.
But Cellebrite now says it can bypass all versions of iOS as well as many Android devices.
Cellebrite’s basic method is to execute a brute force attack against devices. Apple and others thwarted this by adding features such as iOS’ USB Restricted Mode and the use of time delays after successive failed passcode attempts. Cellebrite also says that its hardware supports data extraction from Android devices including those made by Samsung, Motorola, Xiaomi, and Huawei.
However, the company has announced that it can perform “a full file system extraction on any iOS device” with its latest product, the UFED Premium. It uses newly developed algorithms that minimise unlock attempts. Cellebrite says it works on iPhones and iPads running iOS 12.3.
UFED and UFED Premium are pitched to law enforcement agencies that are trying to unlock devices that may have been linked to a crime or when a suspect can’t or won’t unlock a device.
While the devices are sold to law enforcement, they are finding their way onto the open market. A recent article at Forbes reported that someone picked up one of these devices in a tech junk auction on eBay for about US$100.
And this highlights the danger of this technology.
While access to devices and information, subject to appropriate judicial oversight, is OK, the devices themselves will eventually find their way into criminal hands. While Cellebrite may take steps to control who it sells the UFED and UFED Premium to, it can’t control what happens later – something made obvious in the Forbes story. And there are countless cases of corrupt or negligent police officers accessing data without appropriate oversight.
For now, it seems that the ongoing game between smartphone makers and Cellebrite will continue. Android Q and iOS 13 are nearing widespread public release, and new iPhones and Android devices, like the Google Pixel 4, could make Cellebrite’s latest update obsolete – at least for new devices.
In the meantime, to protect your own data, keep your devices physically secure, install the latest system updates and patches, and keep using strong passcodes and biometrics. The odds of your device being hacked by a criminal using a Cellebrite device remain very low but, at some point, the technology inside these devices will become more easily accessed.