
Cellebrite Claims It Can Unlock Any iPhone - hsnewman
https://www.schneier.com/blog/archives/2019/06/cellebrite_clai.html
======
dang
[https://news.ycombinator.com/item?id=20193808](https://news.ycombinator.com/item?id=20193808)

------
xwdv
All you need to unlock any iPhone is a proprietary zero day flaw. Not exactly
newsworthy. Their technique can vanish at any moment if it’s discovered and
fixed.

~~~
gingabriska
Is it legal to monetize a zero-day like this?

~~~
penagwin
My understanding (under US law) is that accessing computer systems without
authorization is illegal.

However, you can totally make tools to hack your own stuff.

And this company only advertises their unlocking abilities to law enforcement
services, who are presumably authorized to access the device (via warrant). So
the company itself isn't accessing devices without authorization, so they
aren't technically "hacking anybody".

~~~
maxaf
> law enforcement services, who are presumably authorized to access the device

Cue Tony Soprano saying "warrant! WARRANT!" to his housekeeper.

What are the chances that Cellebrite requires clients to supply a warrant for
each device they unlock?

~~~
penagwin
I don't think they would need to?

Cellebrite sells law enforcement an on-premise method to unlock devices. At
that point it's no longer Cellebrite unlocking the phones, it's law
enforcement who is unlocking the devices.

Since they (at a glance) only sell to law enforcement I think it's reasonable to
assume that they expect their device to be used legally (they aren't selling
it to @xxXRUSKI1337Hax04xXX who we all know is up to no good.)

Disclaimer: My understanding is mostly of US law, the company is Israeli and
I'm not familiar with Israeli law, or the laws of other countries Cellebrite
contracts with, although I think this would similarly apply to most
jurisdictions.

~~~
maxaf
Police officers conducting a search of a suspect's premises must present a
valid search warrant. Police officers requesting that a telecom company aid in
surveillance of a suspect must present a valid search warrant. Google, despite
of late being the butt of all jokes, will not cooperate with police officers
unless a valid warrant is presented. Thus it follows that Cellebrite isn't
somehow excluded from following the law just like all those other companies,
and cannot support unlocking of iPhones or other devices without being shown a
valid search warrant.

~~~
delinka
Cellebrite doesn't need to know anything about warrants. They sell a physical
device to law enforcement agencies. They don't validate individual uses of the
equipment. Seems to me no different than a gun manufacturer selling guns to
law enforcement and not needing to validate individual firings of the gun.

------
unstatusthequo
This is partly why being on iOS betas might be good personal mitigation. They
may not have immediate capability on any particular iOS beta. The exploit may
or may not exist, or their code would need to be updated to properly handle
it. So, to me, it makes sense to stay ahead of their development cycle and
avoid a threat if you have a reason to think law enforcement might want your
phone contents.

~~~
consp
Or, more likely, you open yourself up to programmer error and easier-to-find
exploits since the software hasn't been properly tested since you are doing
that for them.

~~~
vxNsr
On the other hand the people developing these hacks haven't had as long to
find any new vulns so you're really only potentially vulnerable to old hacks.

------
octosphere
There is a myth in the infosec community that phones, because of their
tendency to be 'always on' devices, are more secure/private than a
standard Windows desktop machine or even a MacBook machine running OSX. This
is a BS concept - phones leak data all over the place and have a higher data
exhaust than a desktop computer.

Unless the phone is flashed with LineageOS[0], it will phone home data to
Google nonstop and beacon out its presence to hackers 24/7. To make matters
worse, there is a huge fragmentation problem with Android and some phones are
disallowed from updating to the latest Android version. The same goes for iOS;
a user can often be locked into using the same iOS version and can't upgrade to
the latest version (a huge security hole).

[0] [https://www.lineageos.org/](https://www.lineageos.org/)

~~~
jstarfish
> There is a myth in the infosec community ... that phones are more
> secure/private than a standard Windows desktop machine

This doesn't make sense on any level. What subset of the infosec community
actually believes this? Teenagers hiding porn from their parents?

~~~
wmf
[https://news.ycombinator.com/item?id=14241752](https://news.ycombinator.com/item?id=14241752)
for example.

------
novok
Even if this is fixed, law enforcement just has to capture a device and wait
until someone creates a security exploit for the new version. They might wait
a couple of years, but either way, you can't treat your devices as eternally
safe encryption vaults.

~~~
henryfjordan
Maybe we should put a sort of dead-man's switch in these things? Delete
everything if the phone hasn't been unlocked in 3 months?

~~~
modsiw
That requires execution. The adversary can prevent execution.

------
clubm8
I suspect these things rely on the device not being powered up when seized.

~~~
wmf
How does that help?

------
ebg13
Does Apple attempt to infiltrate Cellebrite with secret agents so that
whatever flaws they're exploiting can be identified and fixed?

~~~
coldcode
I guarantee Apple has access to these as soon as they appear. I also have
doubts that their claims are true, since we cannot verify that in any way.

~~~
SigmundA
Apple uses Cellebrite in their stores to help transfer phones and recover
them:

[https://twitter.com/antisocial_eng/status/108630141615779020...](https://twitter.com/antisocial_eng/status/1086301416157790208)

