Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Forensics vendor and US government contractor Cellebrite can now unlock iPhones running any iOS version up to and including iOS 11, including the iPhone X, according to Forbes.
- Cellebrite is most likely using undisclosed zero-day exploits to get into those devices. That puts users in the same position that preceded earlier major security incidents: a single organization is hoarding powerful exploits, and one breach of that organization would leak them to everyone.
Sources told Forbes that Cellebrite has developed a way to break into Apple devices that run iOS, up to and including iOS 11 and the iPhone X.
The US government has previously used Cellebrite to get into locked iPhones, and Apple has fought hard to protect the encryption and passcode protections on its devices. Any technique Apple learns about is likely to be patched, so Cellebrite is being incredibly tight-lipped about how it is getting in: rather than shipping the capability to customers, it requires agencies to send phones to the company so that the unlock is performed in-house.
With Cellebrite keeping its new methods purely in-house, it is unlikely Apple will be able to determine how the company is gaining access. Whether Apple will respond to Cellebrite with a legal challenge remains to be seen.
Is Cellebrite hoarding iOS vulnerabilities?
Electronic Frontier Foundation attorney Adam Schwartz told Forbes that it was clear Cellebrite was hoarding iOS vulnerabilities that it wasn’t disclosing to Apple. If true, that makes the company a serious security risk for Apple device users.
Cellebrite may well be using zero-day flaws in iOS to gain access to devices; that would not be surprising, since it is a common approach. The concern for anyone with an iOS device is the security of the exploits Cellebrite has discovered but not shared: a bug the vendor does not know about cannot be patched, so it stays usable against every device until it is found independently or leaks.
It was less than two years ago that a hacking group calling itself The Shadow Brokers stole a hoard of hacking tools belonging to the NSA and began leaking them online. The tools relied on exploits that software vendors apparently did not know about; once the tools were public, the holes were quickly patched.
If the NSA can't keep its trove of zero-day exploits safe, is it reasonable to expect a private company to do so reliably? Keep in mind that Italy-based Hacking Team, which sold intrusion tools to governments, had a number of those tools stolen and leaked as well.
With Cellebrite claiming access to the newest iPhones and iOS versions, it is reasonable to assume it has found new, undisclosed exploits. Previous leaks of government-grade tools have fed ransomware outbreaks such as WannaCry, which spread using an exploit from the Shadow Brokers leak, so a breach of Cellebrite could lead to an iOS security incident on a scale not seen before.
In the meantime, iPhone users should keep their devices up to date so that any holes Apple does know about are closed. Updating cannot help against a bug that has not been disclosed, though, and beyond that there is little an individual can do when there are secret tools in the world that can “determine or disable the PIN, pattern, password screen locks or passcodes on the latest Apple iOS and Google Android devices.” A long alphanumeric passcode at least raises the cost of any method that works by guessing the passcode.