Cellebrite cagily claims it can hack into just about any phone including iPhone 7 and Nougat handsets
Israeli security firm Cellebrite -- the company said to have helped the FBI access the San Bernadino iPhone -- says that it has the power to break into, and extract data from, just about any phone out there. Speaking with the BBC, the company demonstrated how it can crack the password on a smartphone to access its data.
It said that it was able to extract data from the very latest handsets including Android 7 devices and the iPhone 7. Cellebrite says it works with law enforcement agencies around the world too, and stopped short of saying it refused to work with oppressive regimes. The interview raises some interesting questions.
Clearly Cellebrite doesn’t reveal just how it is able to break into smartphones, but a worker for the company can be seen plugging the target handset into tablet-like device, to which is connected a USB drive. The tablet is shown to be running a tool called Cellebrite UFED Touch 2 (version 220.127.116.111, if you're interested) although it does appear to be only a demonstration version. Moments later, with just a few taps, the lock screen password for the connected Samsung Galaxy S5 is cracked, and access to the phone's data is achieved.
Although not shown being performed, Cellebrite says that it can use the same tool to extract all data from a target phone. This includes information such as call logs, emails and messages, location information and much more. The company clearly saw the interview with the BBC as an opportunity to blow its own trumpet, but it became very cagey when asked about the specifics of what data could be extracted, and the types of people the company was willing to sell its technology to.
In fact, Cellebrite seemed extremely uncomfortable when asked anything about its operation. Asked whether more sophisticated, encrypted messaging tools could be cracked, the company stopped short of giving a straight yes or no for any named service. Instead the response was: "Some of those services will allow extraction of those messages".
The company was also rather cagey about the phones it could crack, or the amount of data that could be extracted from different devices. Asked about the iPhone 6, the answer avoided referring to this specific handset entirely:
This machine will definitely be able to pull some data from a wide range of iPhones.
Probed further about the iPhone 7, Cellebrite says, rather shiftily and hesitantly:
We can definitely extract data from iPhone 7 as well. The question is what data? What is the situation? What is the situation the device is in?
Asked about Nougat, there was a similarly stuttering reply:
I'm saying that our solutions do provide support for a very wide range of devices -- including the latest Android devices -- for law enforcement to extract data from.
The company is also keen to protect the identities of its customers, but says it typically sells services to government-owned or government-operated law enforcement agencies around the world. Clearly, there are some governments and regimes with less-than-perfect track records, particularly when it comes to human rights, civil liberties and privacy. Would, or does, Cellebrite sell to such governments? Asked about whether the company sells to repressive regimes, the response was interesting:
I don't know the answer to that and I'm in no position to comment on that at this point in time [...] We operate under the law, both international and the laws of every jurisdiction and country in which we work. This is what guides us.
Make of that what you will. You can check out the full report over on the BBC website.