During an investigation, it was very easy for the police to collect confidential data on mobile phones. The era of smartphones has brought new challenges and new opportunities for researchers. Although smartphones contain much more information than flip phones of the past, they are also much more difficult to access without a password. Several companies offer unlocking services to law enforcement, but they are limited by devices and software versions. The Israeli criminal society Cellebrite says that it can release data on any iOS device until the last v12.3.
New iPhone cracking capabilities come from a new version of the universal forensic forensic device or UFED of the company. Cellebrite calls the new UFED Premium an "exclusive solution for the forces of order." Investigators can purchase the device and use it to perform data backups from locked smartphones. Without something like UFED, getting a copy warrant in the content of the phone will not help if the device is locked and encrypted. Some also fear that these devices will end up in the hands of criminals.
Apple just released iOS 12.3 a month ago. Cellebrite must therefore control a very sensitive vulnerability of the software if it is able to unlock any device. Chances are that Cellebrite has paid an arm and a leg to a security researcher for the feat, and now he is going to take advantage of it to make money from governments and laws up to the end. Apple can discover how the UFED premium works.
Cellebrite also claims that UFED Premium can extract data from a number of popular Android phones, such as the Galaxy S and S9 series, as well as from LG, Huawei and Xiaomi phones. This suggests that he found manufacturer-specific vulnerabilities and not something that affects all Android devices. So, that's at least a good news.
Cellebrite is proud to present #UFED Premium! An exclusive solution for the forces of order to unlock and extract data from all high-end iOS and Android devices. To learn more, click here: https://t.co/WHsaDxzoXz pic.twitter.com/BSixEkyAuL
– Cellebrite (@Cellebrite_UFED) June 14, 2019
This is not the first time that Apple is facing a cracked phone problem. Another security company called Grayshift has sold its GrayKey phone unlock station. He used custom software to brutally force Apple PINs, but Apple mitigated the utility of the GrayKey Disabling data on the Lightning port when devices were locked and inactive. We do not know if this technique can stop UFED Premium, but it sounds like nothing has happened.
Apple will inevitably block UFED Premium, but the company probably chose this moment to announce its release because v12.3 had just been launched. Cellebrite probably believes that he has time to sell devices and unlock services before they become useless.