What the latest iOS passcode hack means for you
Israeli forensics company claims it can compromise Apple's iOS 12.3 and 'high-end Android' devices
19 June 2019
A mobile device forensics company has claimed it can break into any Apple device running iOS 12.3 or below.
Israel-based Cellebrite made the announcement on an updated webpage and through a tweet where it asserted it can unlock and extract data from all iOS and “high-end Android” devices.
On the webpage describing the capabilities of its Universal Forensic Extraction Device (UFED) Physical Analyzer, Cellebrite said it can “determine locks and perform a full file system extraction on any iOS device, or a physical extraction or full file system (file-based encryption) extraction on many high-end Android devices, to get much more data than what is possible through logical extractions and other conventional means.”
This isn’t the first time Cellebrite has claimed to have been able to unlock iPhones. Last year, it and Atlanta-based Grayshift said they had discovered a way to unlock encrypted iPhones running iOS 11 and marketed their efforts to law enforcement and private forensics firms worldwide. According to a police warrant obtained by Forbes, the US Department of Homeland Security tested Cellebrite’s technology.
Grayshift’s technology was snapped up by regional law enforcement agencies and won contracts with Immigration and Customs Enforcement (ICE) and the US Secret Service.
Shortly after the two companies announced their ability to bypass iPhone passcodes, Apple announced its own advances to further limit unauthorised access to locked iOS devices through a USB-restricted mode. In iOS 12, Apple changed the default settings on iPhones to shutter access to the USB port when the phone has not been unlocked for one hour.
While the passcode hack may be unsettling to iPhone owners, Cellebrite’s technology doesn’t work via the cloud; it requires physical access to a device, according to Jack Gold, principal analyst with J. Gold Associates.
“I am speculating of course, but if you can work below the phone BIOS level, you can do lots of stuff (think of it as a root kit like on a PC),” Gold said via e-mail. “If this is indeed their penetration method, then the level of OS almost doesn’t matter, since they are breaking in below the OS level and it’s more about the actual hardware inside the phone.”
Vladimir Katalov, CEO of Russian forensic tech provider ElcomSoft, described Cellebrite’s technology as based on a brute-force attack, meaning their platform tries various passcodes until it unlocks the phone. And, he said, both Cellebrite and Grayshift say they have “a kind of” solution to USB Restricted Mode. But any details are kept secret and made available only to customers who are under a strict NDA, Katalov said.
“From what I know, both companies [Cellebrite and Grayshift] are now able to extract most of the data even from locked iPhones running iOS 11 and older – without recovery of the passcode (though some data remains encrypted based on the real passcode). The limitation is the phone should be unlocked at least once after last reboot,” Katalov said via email. “From what we heard, it is about 10 to 30 passcodes per second in AFU (After First Unlock) mode, and just one passcode in 10 minutes in BFU (Before First
The iPhone Xr and Xs models (based on the A12 SoC) are harder to break because password recovery on them always runs at BFU speed (even if the phone was unlocked once), Katalov claimed. “Cellebrite does not support these models in their on-premise solution though, but it is available from their [Cellebrite Advanced Services],” he said.
Both Cellebrite’s and Grayshift’s technologies not only try all possible passcode combinations but also start with the most popular passcodes, such as 1234; this is especially important in BFU mode, where only about 150 passcodes per day can be tried. A custom dictionary (wordlist) can also be used, Katalov said.
In general, iOS devices are very well protected, while some Android devices provide an even better level of security, Katalov said.
To protect your smartphone, it is recommended to do the following:
- Use at least a six-digit passcode
- Make the passcode complex
- Enable USB restricted mode
- Know how to activate it (S.O.S.)
- Best of all, use an iPhone Xr or Xs model or newer
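To put the quoted guess rates next to the passcode advice, the following added example (not part of the original article) computes the worst-case time to try every passcode at the AFU and BFU rates Katalov cites. The three passcode policies are assumptions chosen for comparison; only the rates come from the article.

```python
from fractions import Fraction

# Guess rates quoted in the article (guesses per second), kept exact.
RATES = {
    "AFU, 10/s": Fraction(10),
    "AFU, 30/s": Fraction(30),
    "BFU, 1 per 10 min": Fraction(1, 600),
}

# Assumed policies for comparison (not from the article): (alphabet size, length).
POLICIES = {
    "4-digit PIN": (10, 4),
    "6-digit PIN": (10, 6),
    "8-char lowercase+digits": (36, 8),
}

def seconds_to_exhaust(alphabet_size, length, rate):
    """Worst-case seconds to try every passcode; a random one falls in half that on average."""
    return alphabet_size ** length / rate

def guesses_within(seconds, rate):
    """Number of candidates a popular-first or wordlist run gets through in a time window."""
    return int(seconds * rate)

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    seconds = float(seconds)
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.0f} seconds"

def report():
    """One row per (policy, rate): worst-case time to exhaust the keyspace."""
    return [
        (policy, mode, humanize(seconds_to_exhaust(size, length, rate)))
        for policy, (size, length) in POLICIES.items()
        for mode, rate in RATES.items()
    ]

if __name__ == "__main__":
    for policy, mode, duration in report():
        print(f"{policy:<24} {mode:<18} {duration}")
    per_day = guesses_within(86400, RATES["BFU, 1 per 10 min"])
    print(f"BFU guesses per day: {per_day}")  # close to the article's "about 150"
```

Even at BFU speed, a passcode that sits near the top of a popularity list is covered by the first day's guesses, which is why the list above asks for complexity as well as length.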
Andrew Crocker, a senior staff attorney with the Electronic Frontier Foundation, said it’s nearly inevitable that dedicated attackers, “including Cellebrite,” will find a way around security features.
“That leads to a kind of cat-and-mouse game between security teams at Apple and Android and companies like Cellebrite and GrayKey,” he said. “We should remember that dynamic the next time we hear law enforcement officials who want to mandate encryption backdoors talk about ‘unhackable’ devices and ‘zones of lawlessness.’”
IDG News Service