Israel-based Cellebrite reportedly privately announced the capability to subvert the security of iOS 11 enabled devices including the latest iPhone, iPad, iPad mini, iPad Pro and iPod touch. Cellebrite works with the principal law enforcement and intelligence agencies worldwide.
Cellebrite provides the FBI with decryption technology as part of a contract signed in 2013, its technology allows investigators to extract information from mobile devices.
While the company hasn’t made a public announcement concerning its capabilities, anonymous sources told Forbes that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics firms across the globe.
A separate source in the police forensics community told the publication Cellebrite told him the company could unlock an iPhone 8 and that he believed the same was possible for the most recent iPhone X. Apple has yet to address the claims but the tech firm recently released iOS 11.2 to address several serious vulnerabilities that were spotted by Google Project Zero. Despite the updates, it appears the exploits may have already been used on an iPhone X in a federal investigation involving an arms trafficking case, the publication said citing a warrant.
A suspect’s device was sent to a Cellebrite specialist at the DHS Homeland Security Investigations Grand Rapids labs and the data extracted on December 5, 2017.
“In addition to this potentially impacting civil rights and due process, it also relies heavily on the ability of Cellebrite (and similar firms) to keep the code out of the hands of malicious actors,” Soto, director of security research at JASK, said. “It’s difficult to do this, as evidenced by the leaks of NSA exploitation code.”
He went on to say that once threat actors gain access to these tool, they can implement aggressive mass exploitations that have the potential to cause extensive losses and, in some cases, put the general population’s well-being at risk.
Source: Cyber Security Network.