Cellebrite, a company based out of Israel, has claimed it found a way to break into any iPhone ever made, as well as many Android phones. Cellebrite , which was reportedly the company that aided the FBI in hacking into the iPhone of the San Bernardino shooter after Apple refused to help, has been chastised by many in the industry for allegedly possessing information regarding flaws in the phones, but refusing to share those to help the devices be improved. This revelation came in the midst of an update to its website promoting the iPhone hacking technology called UFED premium.
The announcement from Cellebrite came in the form of an update this week to its website promoting the iPhone-hacking technology, dubbed “UFED Premium,” as “the only on-premise solution for law enforcement agencies to unlock and extract crucial mobile phone evidence from all iOS and high-end Android devices.”
The product enables a full file system extraction, allowing, in effect, a copy of the phone’s data to be transferred to a client’s computer. It lets law enforcement agencies obtain “access to 3rd party app data, chat conversations, downloaded emails and email attachments, deleted content and more,” the company boasts. “Increase your chances of finding the incriminating evidence and bringing your case to a resolution,” it says in its sales pitch.
It also highlights its ability to recover “unallocated data,” or the sometimes still-recoverable remnants of deleted files.
Cellebrite’s technology does not work remotely. It requires a specially designed device to be physically connected to the phone being hacked. Cellebrite has faced widespread criticism for its refusal to reveal its methods to Apple so the tech giant’s security technicians can seal up the vulnerabilities. The company has long argued that its help to law enforcement agencies brings greater benefit to the public.
“There’s a public safety imperative here. These capabilities are germane again to homicide, crimes against children, drug gangs, major public safety threats in any community,” the company’s chief marketing officer, Jeremy Nazarian, told Forbes in a March 2018 interview. “We feel an obligation to those serving the public safety mission to ensure those capabilities are preserved, to the extent that they can be.”
The company has also insisted that it requires potential clients to demonstrate they have the authority to access an iPhone or Android device before making their product available. It has also said the technology’s dependence on physically interfacing with the phones means it is unlikely to be misused.
There are also fears a Cellebrite kit could be reverse engineered to uncover vulnerabilities that the company continues to keep hidden from the cellphone makers.
Apple has long refused US law enforcement agencies’ requests to create backdoors to its operating system that would allow entry into customers’ phones, and works hard to patch vulnerabilities discovered by companies like Cellebrite that specialize in forensic hacking. The iPhone maker has argued that no backdoor or vulnerability is ever truly safe in the hands of law enforcement, as it could leak or be discovered independently.