On January 15, BNN Bloomberg reported that the FBI is putting pressure on Apple to help crack two iPhones seized from terrorists. But cybersecurity and digital forensics experts say the FBI can actually crack the devices without Apple’s help. Security experts say investigators can break into the phones by using a series of iPhone security vulnerabilities, which can be obtained directly or from providers of cracking solutions such as Cellebrite and Grayshift.
On December 6 last year, Mohammed Saeed Alshamrani, a member of the Saudi Air Force, carried out a shooting attack at the Naval Air Base in Pensacola, Florida, killing three people. Alshamrani owned an iPhone 5 and an iPhone 7, models that first went on sale in 2012 and 2016, respectively. Alshamrani was killed, and the two phones were locked, forcing the FBI to find a way to crack them.
“For an iPhone 5 and an iPhone 7, it’s definitely accessible,” says Will Strafach, a well-known former jailbreak hacker. “I wouldn’t say it’s a play, but it’s not particularly difficult.” Strafach now runs a mobile security company called Guardian Firewall.
This view is contrary to that of the American government. U.S. Attorney General William Barr lashed out at Apple on Monday, saying it was not doing enough to help the FBI crack the iPhone linked to the shooting.
The comments put more pressure on Apple to give law enforcement a special way to access the iPhone. Apple refuses to set up such backdoors, saying they will also be exploited by bad guys.
In fact, Strafach and other security experts said, Apple doesn’t need to create a backdoor for the FBI to get into the two iPhones belonging to Alshamrani.
Neil Broom, a security expert who works with law enforcement to unlock devices, warns that the software versions on the iPhone 5 and iPhone 7 could make it harder to crack the phones. But cracking is still possible.
“If the two iPhones have a specific version of iOS, it could take as little as an hour to get it done,” he said. “But they may be equipped with a vulnerability-free version of iOS.”
On Tuesday, U.S. time, a U.S. Department of Justice spokesman said he had no update on law enforcement’s progress in unlocking the phones. Apple reiterated Monday’s comments.
Apple says it is helping the FBI investigate the Florida terrorist attack.
However, it takes time to discover new vulnerabilities and exploit them. Apple and security companies such as Cellebrite are playing a cat-and-mouse game. When Apple releases a new device or a new version of the iOS operating system, everything is locked down. Security companies and researchers then begin research immediately, usually finding a way to hack into the iPhone within a few months. The vulnerabilities they find sometimes become tools used by the FBI and police to access iPhone data.
Mr. Broom noted that U.S. law enforcement, in partnership with security companies such as Cellebrite, would “do everything they can” to help the government in securing big contracts.
“Our technology is used by thousands of organizations around the world to legitimately access and analyze very specific digital data,” Cellebrite, a subsidiary of Japan’s Sun Corp, said in a statement. “In accordance with company policy, we do not comment on any ongoing investigations.” In 2016, the company helped the FBI crack the iPhone held by the killer in the San Bernardino, California, shooting.
The GrayKey black box currently used to crack iOS devices is owned by Atlanta-based Grayshift, whose employees include Braden Thomas, a former Apple software security engineer. Grayshift did not respond to a request for comment Tuesday.
According to Strafach and other security researchers, a new security vulnerability called “Checkm8” affects the iPhone chips released between 2011 and 2017, including those in the iPhone 5 and iPhone 7.
“With the Checkm8 vulnerability, you should be able to get a clear image of the file system unless they are protected by a long password,” Strafach said.
He said the iPhone 7 uses the Secure Enclave, a dedicated chip used to store fingerprint data and other sensitive information, but even such chips could be cracked.
Mr. Strafach added: “The question is simply whether the government will pay contractors to crack these phones. If they can’t get the job done by exploiting the Checkm8 vulnerability directly, they can pay the contractor to do it.”
The Checkm8 vulnerability may support Cellebrite’s upgraded hacking tools. The Israel-based company provides the hacking tools to law enforcement agencies and other customers, including the UFED Physical Analytics client analytics software, a special “Touch2” tablet and PC software called 4PC. Mr. Broom said the hacking tool costs about $15,000. He said the hacking tool costs more than $4,000 a year to maintain.
The FBI may also need other tools to unlock iPhones, such as Grayshift’s GrayKey black box or Cellebrite Premium, a special internal service for law enforcement agencies. They could cost between $100,000 and $150,000, Mr. Broom said.
“The FBI already has these tools across the country,” Broom said. “So they don’t have to pay anymore to crack these phones, they just have to wait for vulnerabilities like Checkm8 to emerge.”
On Monday, U.S. time, Apple said it had provided all “relevant information” about the two iPhones involved through Internet-based services such as iCloud.
However, some of the data that the FBI may be interested in is only available on the two iPhones. For example, iMessage text is encrypted when stored in the cloud, but is usually readable on devices.
The 2016 San Bernardino shooting case ended with the FBI using Cellebrite’s technology to hack the iPhone involved, and if security experts are right, this case is likely to end the same way.
But that won’t end the standoff between the FBI and Apple.
Yotam Gutman, marketing director at SentinelOne, a cybersecurity firm, points out that as the iPhone becomes more complex, it will become more difficult for companies such as Cellebrite to hack into it.
Strafach says it’s much harder to crack the latest iPhone 11 than older iPhones.