
Israeli firm can steal phone data in seconds - chang2301
http://phys.org/news/2016-11-israeli-firm-seconds.html
======
turc1656
"But privacy and rights activists worry such powerful technology can wind up
in the wrong hands, leading to abuses."

Am I to believe that this firm is the right hands? Or government? Please...all
hands are the wrong hands. These vulnerabilities need to be closed. I wouldn't
be surprised if the NSA or some other government tentacle was paying them not
to make whatever they found known.

Gee, I sound paranoid. What am I thinking, our government would never do that.
Oh wait... [http://www.reuters.com/article/us-usa-security-rsa-idUSBRE9BJ1C220131220](http://www.reuters.com/article/us-usa-security-rsa-idUSBRE9BJ1C220131220)

~~~
flipp3r
Actually Cellebrite themselves have been the victim of some kind of hack last
month and had a load of their internal documents leaked online. So no, if
anything, this firm is _not_ the right hands.

~~~
rdtsc
Any place which hoards 0-days is a prime target. Even if they are considered
to be the "right hands", the "wrong hands" could grab those exploits
eventually.

~~~
AtheistOfFail
When the target holds a lot of $1 million 0-day exploits, the target is
worth hacking into.

------
1024core
"Could you do anything to deprive them from throwing a stone at someone or
from driving a car and running over people?

"You can't blame the car manufacturer at that point for delivering a car that
was utilised to commit that kind of crime," he said.

This is specious reasoning. The point of a car is not to run over people; it's
to go from point A to point B. This technology, on the other hand, has only
one purpose: to break into cellphones.

~~~
gnarbarian
I think it's an important distinction. The crime is in how it's used, not in
the technology itself. Banning the tech outright only affects actors who are
willing to follow the law. So banning this tool would mostly limit white hats.

The same principle applies to gun rights for example. The gun itself isn't the
problem, it's how someone chooses to use it. (self defense vs crime). Nobody
is an absolutist here, everyone draws the line somewhere slightly different.

Outlawing the tech ensures that good guys lose the arms race every time.

When I say good guys I don't necessarily mean the government. I mean anyone
out there who is not using the tech for malicious intent. People using guns
for self defense, breaking into an encrypted device to solve a crime, or
retrieve lost work etc.

This keeps the focus on improving the actual technology (encryption), rather
than just banning law-abiding citizens from taking part.

------
deutronium
Regarding the iPhone 5c, the attack from Sergei Skorobogatov is very
interesting.

"The bumpy road towards iPhone 5c NAND mirroring" -
[https://arxiv.org/abs/1609.04327](https://arxiv.org/abs/1609.04327)

And the video:

[https://www.youtube.com/watch?v=tM66GWrwbsY](https://www.youtube.com/watch?v=tM66GWrwbsY)

------
module0000
It goes without saying - don't make this easy for them(or anyone). Use a
_strong_ alphanumeric password on your mobile devices. It's annoying and
inconvenient until it saves your ass - there is still no "fast" way to crack a
password like "My 42nd spaceship had 4 hearts of gold.", but it's not that
difficult for your brain to remember.

Fingerprint unlock can save you some of the PITA of typing it - just be sure
you _power off_ your device when you have even the slightest chance of
encountering an actor that could seize your mobile device - that way the
passphrase will be required.

~~~
drvdevd
Another interesting point they mention is "recovering years long deleted
texts." Consider the filesystem your phone uses for volumes it's writing data
to and how it (probably just) unlinks files when deleted... [edit] And I
should add that a 'factory reset' will probably just write a new filesystem
table over the old one on disk without wiping anything, on most devices.

~~~
jdironman
What about doing a factory reset, then using the 'encrypt device' option, then
doing another factory reset. Would that provide an extra measure?

Unless, of course, the data in its final state before the final factory reset
is un-encrypted.

~~~
drvdevd
Of course it depends on the phone. Many Qualcomm based Android devices seem to
have had their Full Disk Encryption scheme broken at the moment [1], for
example. But either way, if your disk encryption scheme doesn't fully wipe the
disk before use, then any data that _ever_ hit the disk unencrypted could
still possibly be sitting there until its physical blocks are consumed (or
could be in a cache somewhere). Again this also depends on the hardware, in
this case the storage hardware itself. SSDs using TRIM can wipe unused,
unencrypted blocks for example in some scenarios. Who knows about the
particular functioning of some SD type controller in a phone or even the
card's own embedded OS [2].

I would say if you have data on your smartphone you don't want recoverable at
rest, take module0000's advice, then also use encryption, and then also use a
multi-pass wipe tool on particular files. Of course all of this could still
not work.

For example, I'm not sure what the forensic ramifications of a seemingly more
complex filesystem like APFS will be in the near future when it hits iOS.

[1] [https://bits-please.blogspot.com/2016/06/extracting-qualcomms-keymaster-keys.html](https://bits-please.blogspot.com/2016/06/extracting-qualcomms-keymaster-keys.html)

[2] [https://www.bunniestudios.com/blog/?p=3554](https://www.bunniestudios.com/blog/?p=3554)

------
brianpan
This is completely off-topic, but can we take a moment and recognize how
fantastic it is that the article has a picture of a hacker's desk with an
assortment of mobile devices like: a calculator, 3 bluetooth mice, and a
stapler?!

------
45h34jh53k4j
It will be interesting if Apple went after Cellebrite under the DMCA anti-
circumvention clauses. I would laugh if their product became illegal in the
United States.

~~~
tdkl
Probably not, it's an Israeli firm.

~~~
r00fus
Any sales to US firms could be curtailed or punished.

Just like security itself - the goal is to provide enough barriers so
predators go looking elsewhere for easier prey.

~~~
mschuster91
> Any sales to US firms could be curtailed or punished.

That doesn't really restrict the NSA, CIA, FBI or any other agency/PD from
buying their services. After all, that's what "black budgets" are for.

~~~
r00fus
Most of these firms use private contractors to do the dirty work. Unless
contractors can bypass legal oversight, they'll be constrained as well.

~~~
Daishiman
Overseas contractor hired by a shell corporation gets the phone sent outside
of the US. Boom.

All this assuming they even _care_ about legal compliance, which I am sure
won't matter one bit under the right circumstances.

------
45h34jh53k4j
So we have learned that some phone vendors give Cellebrite their phones before
they reach market in order for them to discover and exploit vulnerabilities.
Apple refuses to do business with these 'forensic' criminals.

Do not purchase a phone from a vendor that engages in this unethical practice.

~~~
ikonst
Cellebrite got its start with the UME, a phone memory transfer tool for
carriers' (POS and support). Carrier-oriented tools are a major part of its
operations, though there have been some talks about spinning this off to a
separate company.

Cellebrite gets early access to phones NOT due to its forensics operations,
but for UME, since carriers (and that's lots(!) of carriers worldwide) are
very much interested in good consumer experience on the devices' launch day.

I actually doubt it's been particularly significant to its forensics
operations.

------
r00fus
You'd think if they could crack the latest iPhone/iOS they'd crow about it.

The article seems to paint it as a "we're confident we could" - which seems
bizarrely vague. Why would they do that when they claim they can crack an LG
G4 wide open?

~~~
JumpCrisscross
From the article:

> _Ben-Peretz remains confident his company can crack even the newest
> iPhones._

~~~
eridius
The next line in the article:

> _iOS devices have strong security mechanisms that give us a challenge, but
> if anyone can address this challenge and provide a solution to law
> enforcement, it is Cellebrite, " he said, referring to Apple's operating
> system._

This makes it sound like Cellebrite actually cannot currently crack the
latest phones running iOS 10, but the CEO is merely expressing his belief that
they'll figure out how to do it. See how he's not saying "we can do it", but
instead he's saying "if anyone can do it, it's going to be us".

------
Adverblessly
I wonder, if Ben-Peretz and his _checks_ 250 researcher team can crack
_checks_ 150 phones a month what is stopping the <scary US government
agency>/<Chinese equivalent>/<Russian equivalent> from forming a 2,500
researcher team and doing the same?

It's not like there's a shortage of relevant skills in the US (supposedly
responsible for stuxnet) or Russia.

Or is it just that <scary government agency> doesn't want to share its toys
with <local police>?

~~~
mschuster91
Ah well, with MediaTek based phones it's pretty easy - you can read back the
whole storage once you have its partition map from a rooted device, or you
know the size of its flash chip and figure out the partition bounds later.

Dunno about the situation with other phones but given that many cheap Androids
run MediaTek, it's not very difficult to claim a huge number of "crackable
phones".

The only thing that should protect you from any kind of government snoops is
encrypting your phone with a strong passphrase and shutting it off once you
leave a room taking the cops less than 30 seconds to enter.

------
sqeaky
Does encryption defeat this? If not how are they getting the key from memory?

Does encryption defeat this when the device is off? If not what flaws exist in
the encryption schemes?

~~~
ronreiter
Encryption could help but eventually exploits can beat anything.

~~~
sqeaky
Exploits are just ways to leverage those flaws. We have systems with no flaws
for some older tech. Eventually we will fix this one too.

------
arca_vorago
On a similar note, back when cell phones were just getting started, I started
parsing the ownership of the cell towers. I noticed an unusually high
correlation of Israeli companies owning them (back before the phone companies
themselves really started investing in them). Now think about the purpose of
an imsi catcher/stingray. The Israelis seem to be on the edge of cybersecurity
across the board. I know while in Iraq I got lots of training that was
decidedly sourced from Israel too.

All that being said, Israel is also known as being just as active if not
moreso than Russia and China in their espionage against the US. I think that's
also worth considering.

~~~
defunctirl
Any specific resources/links re: that final comment? Not something I've ever
read about, although I could imagine.. Not discrediting your statement,
genuinely curious.

~~~
arca_vorago
Just a quick duck duck go search returns these:

[http://foreignpolicy.com/2015/03/24/spy_vs_spy_america_and_israel_edition/](http://foreignpolicy.com/2015/03/24/spy_vs_spy_america_and_israel_edition/)

[http://www.newsweek.com/2014/05/16/israel-wont-stop-spying-us-249757.html](http://www.newsweek.com/2014/05/16/israel-wont-stop-spying-us-249757.html)

[http://www.counterpunch.org/2009/03/12/israeli-spying-in-the-united-states/](http://www.counterpunch.org/2009/03/12/israeli-spying-in-the-united-states/)

[http://www.timesofisrael.com/new-nsa-document-highlights-israeli-espionage-in-us/](http://www.timesofisrael.com/new-nsa-document-highlights-israeli-espionage-in-us/)

~~~
defunctirl
Cheers!

------
SG-
Confused why they didn't demo it breaking a modern iPhone instead of a random
Android device.

~~~
gordeh
Probably because they couldn't? Far easier to show off a random Android
handset.

~~~
loader
They probably chose the device they have the best success cracking. I wonder
what phone they used ... checks ... LG G4 ... damn it, that's my phone.

------
wyldfire
> Among the data the firm claims to be able to access are text messages
> deleted years previously.

Among all the claims this one seems like it might be one that holds up with
very recent iOS/Android releases. It would be interesting to find out whether
they rely solely on the encryption to protect the deleted messages and whether
overwriting the data would be thwarted by flash device wear-leveling
indirection.
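The two mechanisms raised in this thread, drvdevd's point that delete and factory reset only drop the filesystem's table while the data blocks stay put, and wyldfire's question of whether flash wear-leveling indirection defeats overwriting, can be seen in a small simulation. The following is an added illustration, not code from the article or from Cellebrite; the page size, the sample message, the `ToyFlash`/`ToyFS` classes and the SHA-256 counter keystream that stands in for dm-crypt are all constructed for the demonstration.

```python
"""Toy model of why 'deleted' phone data can still be carved from storage.

Added illustration; not code from the article or from any vendor it names.
It models a filesystem whose delete only unlinks the directory entry and a
flash translation layer (FTL) whose wear-leveling indirection sends every
overwrite to a fresh physical page. All sizes, data and names are constructed.
"""
import hashlib
import os

PAGE = 16  # toy flash page size in bytes


class ToyFlash:
    """Flash with logical->physical indirection (wear leveling).

    A write to a logical block never lands on the page it previously used;
    the stale page survives until erase_unmapped() runs (think TRIM plus
    the controller's garbage collection)."""

    def __init__(self, pages=64):
        self.phys = [b"\x00" * PAGE] * pages   # physical pages
        self.l2p = {}                           # logical block -> physical page
        self.next_free = 0

    def write(self, lbn, data):
        assert len(data) == PAGE
        page = self.next_free                   # always a fresh page
        self.next_free += 1
        self.phys[page] = data
        self.l2p[lbn] = page                    # old page is now unmapped, not erased

    def erase_unmapped(self):
        """Erase every physical page that no logical block points at."""
        live = set(self.l2p.values())
        for page in range(len(self.phys)):
            if page not in live:
                self.phys[page] = b"\x00" * PAGE

    def raw_dump(self):
        """What a chip-off readback of the whole flash would return."""
        return b"".join(self.phys)


class ToyFS:
    """Minimal filesystem: a name table plus data blocks on ToyFlash."""

    def __init__(self, flash):
        self.flash = flash
        self.table = {}        # name -> list of logical block numbers
        self.next_lbn = 0

    def create(self, name, content):
        content += b"\x00" * (-len(content) % PAGE)   # pad to page boundary
        lbns = []
        for off in range(0, len(content), PAGE):
            self.flash.write(self.next_lbn, content[off:off + PAGE])
            lbns.append(self.next_lbn)
            self.next_lbn += 1
        self.table[name] = lbns

    def unlink(self, name):
        del self.table[name]   # data blocks are left exactly as they were

    def overwrite_with_zeros(self, name):
        for lbn in self.table[name]:
            self.flash.write(lbn, b"\x00" * PAGE)   # FTL redirects this write

    def factory_reset(self):
        self.table = {}        # fresh empty table; nothing on the flash is touched


def keystream_xor(key, data):
    """Toy stream cipher (SHA-256 in counter mode); stands in for dm-crypt."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def carve(flash, needle):
    """Forensic-style carving: is the plaintext anywhere on the raw flash?"""
    return needle in flash.raw_dump()


def fresh():
    flash = ToyFlash()
    return flash, ToyFS(flash)


def run_scenarios():
    """Return, per scenario, whether an old message is still carvable."""
    msg = b"text from 2012: meet at the usual place"   # constructed sample
    needle = b"meet at the usual place"
    results = {}

    fl, fs = fresh()
    fs.create("sms.db", msg)
    fs.unlink("sms.db")
    results["unlink"] = carve(fl, needle)

    fl, fs = fresh()
    fs.create("sms.db", msg)
    fs.factory_reset()
    results["factory_reset"] = carve(fl, needle)

    fl, fs = fresh()
    fs.create("sms.db", msg)
    fs.overwrite_with_zeros("sms.db")
    results["overwrite"] = carve(fl, needle)            # stale pages remain
    fl.erase_unmapped()
    results["overwrite_then_erase"] = carve(fl, needle)

    fl, fs = fresh()
    key = os.urandom(32)                                # key lives off-flash
    fs.create("sms.db", keystream_xor(key, msg))
    fs.unlink("sms.db")
    del key                                             # discarding the key is the wipe
    results["encrypted_at_rest"] = carve(fl, needle)
    return results


if __name__ == "__main__":
    for name, leaked in run_scenarios().items():
        print(f"{name:22s} plaintext recoverable: {leaked}")
```

Run stand-alone it reports that unlink, factory reset and even a zero-overwrite leave the message carvable (the overwrite only becomes effective once the unmapped pages are actually erased), while data that was encrypted before it ever hit the flash is not carvable once the key is gone. That is the practical reason the comments above converge on encrypting from day one rather than trying to wipe afterwards.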

------
ka4eli
Sounds like an Apple advertisement.

~~~
sjwright
And the good kind of advertising, because it's accurate. Apple did the hard
engineering work across their entire software and hardware stack because they
knew it was important.

They didn't settle for _good enough_.

They didn't weasel out of it by blaming "ease of use" concerns.

They didn't argue that maximum security wasn't a high priority for their
customers.

They didn't deploy marketing slogans to pretend like they had done the hard
engineering work. ( _cough_ Knox _cough_ )

------
JumpCrisscross
Does anyone track the quantity of U.S. tax dollars which go to such firms?

------
jwildeboer
PR based self-marketing article is just that. "Be Very Afraid" hyperbole
AFAICS.

------
alimbada
They [the government] ask people to login to their email accounts and unlock
their phones at the border. They really don't even need any technology to
steal data. Intimidation works for them already.

~~~
brianwawok
Then we just need a phone inside a phone right? Provide them with a fake
password that shows no data, has 1 kids game app, and gives you plausible
deniability. If coded correctly would be no way to prove if there is or is not
a second deeper encrypted device.

~~~
wang_li
Backup your phone. Wipe your phone. Cross the border. Restore your phone.

~~~
alimbada
Or don't take your phone. On the other hand they've asked people to login to
their email accounts using laptops they've provided.

~~~
PhantomGremlin
Same thing for your laptop. Back everything up to the cloud, then load a clean
copy of the OS before crossing the border.

------
test_pilot
And somehow I can't connect my Android phone to a Mac computer with a USB
cable to copy photos out, without it crashing 50% of the time. I must be
missing something.

------
amelius
Sounds like a risky business to be in. If Apple decides to change their
encryption technology, you could be out of business some time soon after a new
release.

~~~
chebastian
You're mistaken, looking at the forensic side of things burner phones are not
your regular iPhone or Android.

E.g. a random listing from Best Buy.

[http://www.bestbuy.com/site/at-t-gophone-lg-b470-prepaid-cell-phone-black/5444000.p?skuId=5444000](http://www.bestbuy.com/site/at-t-gophone-lg-b470-prepaid-cell-phone-black/5444000.p?skuId=5444000)

------
libeclipse
I wonder if they can crack devices that haven't been booted. Many of the newer
smartphones encrypt data and require a password on boot.

~~~
cxseven
Too bad Google made the boot password the same as the screen unlock password.
Since virtually everyone wants to be able to quickly unlock their phone, this
makes security a Hobson's choice.

~~~
libeclipse
Yeah I can see that being the case for the vast majority of users. Also it's a
damned shame that Google enforces a limit of 16 characters for the password.

My own password is a random 16 character string.

~~~
ThatGeoGuy
Fortunately the community has addressed both these claims, although you need
root to set it up (you can remove after).

An app on F-droid known as "Cryptfs Password" can change the encryption
password separately from your screen unlock password. It also bypasses the 16
character limit, as the encryption key I used on my last phone was 27
characters. At the end of the day Android encryption runs using dm-crypt, so
the same sort of rules apply. The 16 character limit is a UI limitation, and
there's no technical reason for it.

* Note: I fully acknowledge that Google needs to do better here, as I would never assume a normal user could root + install Cryptfs password + unroot after, but at least for those of us who can, we can do something in the meantime.

------
st3v3r
I mean, with Trump's administration banning cybersecurity and encryption, this
company should go out of business soon, right?

~~~
fredgrott
It would be somewhat hard to ban math, right?

Take Trump's mouth blast with a grain of salt, as it's not what he will end up
doing once he learns what he is talking about.

------
Ftuuky
Aren't they owned by a Japanese pachinko company?

