Thomas Fox-Brewster, Forbes:
Cellebrite, a Petah Tikva, Israel-based vendor that’s become the U.S. government’s company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11. That includes the iPhone X, a model that Forbes has learned was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.
The Israeli firm, a subsidiary of Japan’s Sun Corporation, hasn’t made any major public announcement about its new iOS capabilities. But Forbes was told by sources (who asked to remain anonymous as they weren’t authorized to talk on the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe. […]
On some level, this is extremely impressive. The iPhone is the gold standard in consumer smartphone security — possibly in smartphone security, period — and it keeps improving with every generation. A flaw that allows someone to bypass an iPhone’s hardware-enforced encryption is very rare indeed; that’s why some security firms will pay up to a million dollars for that kind of an exploit.
But it is deeply troubling as well. While we don’t know anything about Cellebrite’s technique for breaching an iPhone’s security — including whether their method has been patched in an iOS 11 update — it is notable that a security firm has found an exploit but is unlikely to tell Apple about it. It’s concerning that three-letter agencies are hoarding zero-days, but at least those agencies are ostensibly publicly accountable. That doesn’t make it right, but it does make it slightly easier to stomach than a for-profit company charging $1,500 a pop to law enforcement agencies worldwide — some of which are less reputable than others, mind you. Not disclosing vulnerabilities to software vendors is callous. It puts users worldwide at risk for the company’s financial gain.
Update: If you are worried about the possibility of Cellebrite — or anyone else who figures out their PIN cracking methodology — breaking into your phone, Ray “Redacted” has a good tip:
If you are concerned by this then one thing you can do to mitigate it is to change your iPhone PIN from a six-digit number to an alphanumeric passphrase. The Cellebrite exploit involves a brute force PIN trick that allows unlimited attempts without wiping.
Like any passphrase, it should contain a mix of lowercase and uppercase letters, numbers, and symbols. It can even be of a similar length, but a greater combination of character options means a longer cracking process.
Update: Fox-Brewster has confirmed with Cellebrite that their method can unlock iPhones running up to iOS 11.2.6, the latest public release.