For law enforcement types, the Holy Grail for defeating encryption and the rock-ribbed security of electronic devices would be the ability to unlock smartphones without the need for company cooperation or a warrant. One need only go back to the standoff between the FBI and Apple back in June 2016 in the wake of the San Bernardino shootings to get an understanding of the tensions between law enforcement and the tech community – specifically, Apple, in that instance.
The time is upon us where the cops have gained the upper hand- at least for the time being. In law enforcement quarters there is probably applause at news emanating from a major U.S. government contractor that it has found a way to unlock just about every iPhone on the market. It is also probable that this news is greeted with less than glee in privacy circles. If the news is true, as it appears it is, it may render moot many thorny issues between law enforcement and the tech industry that produces secure devices.
The company, Cellebrite, is an Israeli vendor that has become the go-to choice for the U.S. government when it comes to unlocking mobile devices. Right now, the company can access the devices running iOS 11, which includes the much-celebrated iPhone X. Apparently it demonstrated this ability when tasked to open an iPhone X by the Department of Homeland Security (DHS) back in November of 2017.
Although not talking publicly on the record yet, the company has recently developed undisclosed techniques to get into iOS 11, and is promoting this expertise to both law enforcement and industries around the world. Cellebrite’s literature boasts the ability to unlock virtually all “Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11.”
This news is surprising, and possibly unnerving to Apple and Apple aficionados who were certain that their information was safe. It was only a scant six months ago that everyone was assured that the latest technology designed to thwart attempts at unlocking – certainly from private forensic firms- was in place. It even featured protections against forced unlocks with fingerprints – a popular and frequent field tactic of law enforcement.
The only good news – if you can call it that – is that the unlocking of a device is not physically an easy matter. Cellebrite must have possession of the device, as it doesn’t do its work remotely. On the other hand, though a bit time-consuming, the process is relatively inexpensive – costing about $1500 per unlock. But, again, the device must physically be shipped to Cellebrite’s premises. Only in its labs “can (the company) determine or disable the PIN, pattern, password screen locks or passcodes on the latest Apple iOS and Google Android devices.”
For now, it appears that Cellebrite is content to ply its proprietary technology on a case by case, ad hoc basis for selected government entities, rather than garner larger profits by putting the unlocking solutions into its software. This is a calculated move. If it were to go public with its unlocking technology, it would invite the industry – in this case, Apple – to technologically respond in a way that would obviate Cellebrite’s advantage – using patches, for example. That is, until Cellebrite finds a new way in.
This is surely an expensive and labor-intensive cat-and-mouse game, and Cellebrite is winning. For now, it is a lucrative proposition for Cellebrite, as witnessed by a recent $2 million contract with the U.S. Immigration and Customs Enforcement Agency (ICE) on one deal alone. It also counts the U.S. Secret Service as a customer, in addition to the aforementioned FBI. But while law enforcement may be happy, other folks are not.
Civil libertarians and privacy activists alike are concerned about Cellebrite’s hoarding of its technology and fear that by not providing the tech giants with remedies the public is harmed by its technology’s intrusiveness. Also of great concern is the fact that law enforcement may be circumventing judicial oversight in not having to get warrants for searches as required by statute. This feeling is summed up in these words from the Electronic Frontier Foundation (EFF):
“When it comes to the international border, as the EFF has argued in court and in Congress, the government really needs to get a warrant before it searches our phones. It’s all the more true when we see the ever expanding power of governments to get into those phones.”
Image credit: By Billion Photos/Shutterstock.