iPhones are normally incredibly secure devices. But an Israeli data extraction firm recently announced that it can bypass the strong encryption on basically any iPhone currently on the market.
Cellebrite, an Israel-based data extraction vendor and high-profile U.S. government contractor, is apparently advertising that it can unlock Apple devices running iOS 11 — which includes the Cupertino company’s latest iPhone X. It likely represents a privacy issue for Apple and its more security-conscious customers.
The Israeli firm hasn’t publicly unveiled its new iOS 11 cracking capabilities — at least, not technically. Sources familiar with the matter told Forbes that Cellebrite had developed methods to break into iOS 11, and is actively advertising its services to law enforcement and private forensic firms across the globe.
And while Cellebrite hasn’t issued a press release or similar public announcement, some of the copy on its website notes that it can unlock pretty much any of Apple’s mobile devices “running iOS 5 to iOS 11.”
In order to keep their techniques secret, Cellebrite requires government or private customers to send locked devices to their labs. As such, it’s not known how the firm unlocks or bypasses Apple’s encryption.
The service is cheap, too. Breaking into an iPhone can apparently cost as little as $1,500 per device. As Forbes points out, that’s pennies on the dollar compared to the $1 million price that some cybersecurity firms pay for iPhone vulnerabilities.
Cellebrite gained prominence after the firm was rumored to have helped the FBI unlock the iPhone 5c belonging to one of the San Bernardino shooters. As it turns out, the FBI probably didn’t use Cellebrite’s services, but the Israeli company does regularly work with U.S. federal agencies to crack iPhones.
According to Forbes, the U.S. Department of Homeland Security was able to crack an iPhone X during the course of an arms trafficking case last November. The publication uncovered a warrant suggesting that DHS sent an iPhone X to Cellebrite on Nov. 20 — and received extracted data from that device on Dec. 5.
The implications of Cellebrite’s new potential unlocking techniques could spell trouble for Apple’s strong commitment to privacy.
Apple, in its own words, believes that privacy is a fundamental human right. From butting heads with the FBI and refusing to create a backdoor into its systems to consistently resisting requests for private user data, the company’s actions speak to that fact. Apple also regularly fields new and stronger security features and improvements across its operating systems.
The idea is to stay one step ahead of entities like Cellebrite and the federal agencies it works with. On the other hand, because Cellebrite doesn’t let its techniques or extraction tools out of its lab, it’s likely extremely difficult for Apple to pin down the specific vulnerabilities or exploits and issue patches for them.
In other words, if Cellebrite can unlock basically any device, it means that a variety of agencies that contract the firm probably can, too. And, worse still for privacy advocates, it might not be easy for Apple to mitigate those security holes.