Not so long ago, companies that cracked personal devices on behalf of governments did so in secret, closely guarding even the descriptions of their capabilities. Now, it seems, they proudly tweet about their updated abilities to hack into new iPhones, like a video game firm offering an expansion pack.
On Friday afternoon, the Israeli forensics firm and law enforcement contractor Cellebrite publicly announced a new version of its product known as a Universal Forensic Extraction Device or UFED, one that it calls UFED Premium. In the marketing around that update, it says that its cracking tool can now unlock any iOS device cops can lay their hands on, including those running iOS 12.3, released just a month ago. Cellebrite claims UFED Premium can extract files from many recent Android phones as well, including the Samsung Galaxy 9. No other law enforcement contractor has made such broad claims about a single product, at least not publicly. The move signals not only another step in the cat-and-mouse game between smartphone makers and the government-sponsored firms that seek to defeat their security, but a more unabashedly public phase of that security face-off.
“Cellebrite is proud to introduce #UFED Premium! An exclusive solution for law enforcement to unlock and extract data from all iOS and high-end Android devices,” the company wrote on its Twitter feed for the UFED product. On a linked web page, it describes the new UFED tool’s ability to pull detailed forensic data off of any iOS device dating back to iOS 7, and Android devices not just from Samsung but Huawei, LG, and Xiaomi. Cellebrite calls the UFED Premium, “the only on-premise solution for law enforcement agencies to unlock and extract crucial mobile phone evidence from all iOS and high-end Android devices.”
The announcement follows a move from Apple last fall to add new security measures that crippled another iPhone-unlocking tool, the GrayKey devices, sold by the Atlanta-based company Grayshift, that have become popular among US law enforcement.
One iOS security expert who spoke to WIRED says that Grayshift has since developed tools to unlock at least some versions of iOS 12. But it’s only recently started working on a tool that can unlock Android devices, too, according to a report from Forbes earlier this week, while Cellebrite says its new tool can unlock encrypted phones running either Apple or Google’s operating systems.
“This will allow investigators access to newer and updated devices that they didn’t have access to before,” says Sarah Edwards, a forensics researcher for the security training group the SANS Institute. Neither Cellebrite nor Grayshift responded to WIRED’s request for comment for more information about their latest phone-cracking tools.
Cellebrite, too, has likely possessed the ability to unlock iOS 12.3 devices prior to this announcement, says Dan Guido, the founder of the New York-based security firm Trail of Bits and a longtime iOS-focused security researcher. “It’s well understood that this is the business Cellebrite is working in,” Guido says. “It was only a matter of time until they solved the problem, and then told people about they solved it, which is what we’re seeing now.”
“It introduces a whole bunch of new risks.”
Dan Guido, Trail of Bits
More surprising, Guido and other observes of the iOS arms race say, is how publicly Cellebrite is touting its new tool. Guido suggests that the rising tide of publicity around even more aggressive government-contracted hackers like NSO Group—which has repeatedly been revealed in the act of hacking iPhones and Android devices remotely, rather than the more common physical access unlocking that Cellebrite allows—may have given Cellebrite the sense that it’s free to talk openly about its comparatively tame techniques. “It’s 2019. I’m kind of surprised it took this long for someone to start talking in the open about doing this,” says Guido.
But competition with Grayshift, a firm founded by a former Apple security staffer whose GrayKey devices have at times been able to crack iPhones that Cellebrite couldn’t, may have also spurred Cellebrite’s more public approach, says Matthew Hickey, the founder of security firm Hacker House who has closely monitored Cellebrite’s product offerings. “My guess is they’re trying to take a bite out of GrayKey’s market. They’re trying to win back some of those customers,” he says.
As with GrayKey, the new UFED Premium will be sold as an “on-premises” tool, allowing police to buy the company’s hacking device and use it themselves. That’s certainly convenient for law enforcement, but it also increases the risk that Cellebrite could lose control of its cutting edge unlocking techniques, or that they could fall into the hands of criminals or repressive governments. Hickey notes that he’s been able to buy some older Cellebrite tools off of eBay.) “It introduces a whole bunch of new risks,” says Guido.
Neither Apple nor Google immediately responded to a request for comment on Cellebrite’s new UFED product announcement. But Apple at least is expected to release a new version of its mobile operating system, iOS 13, in September, with a beta arriving next month that will likely send Grayshift and Cellebrite both back to the drawing board. The cat-and-mouse game continues.