Cellebrite says it can unlock new iPhones
Data extraction company Cellebrite claims it can unlock most if not all devices running iOS, as well as many Android devices. The Israel-based Cellebrite is a “key collaborator with U.S. law-enforcement agencies,” and is “probably” the company that the FBI contracted to unlock the iPhone of the San Bernadino shooting suspect, according to Silicon UK.
Despite the advances in encryption and biometric technology for mobile devices, literature (PDF) published by Cellebrite in January to advertise its Advanced Unlocking and Extraction Services says the company can unlock many Android devices, as well as iOS versions 5 through 11, while Forbes reports it can unlock devices all the way up to iOS 11.2.6.
Forbes also reports that a warrant indicates Cellebrite extracted data from an iPhone X belonging to an arms-trafficking suspect in December in Michigan.
The company’s methods are unknown, and devices must be sent to its laboratories to be unlocked, but security expert and IBM Resilient CTO Bruce Schneier says in a blog post that there is a credible rumor that it defeats the mechanism limiting password attempts, which would enable the Cellebrite to brute-force the password.
If this is the case, then long, strong passwords could make it difficult or time-consuming for Cellebrite to unlock the device, though they would also make it less convenient to unlock it with a password, rather than a biometric system like Face ID.
All three new iPhone models due to be released this year are expected to include Face ID.