In the wake of claims that Israeli company Cellebrite has developed an unlocking tool for any iPhone, Apple is urging customers to upgrade to the latest version of iOS 11.
Apple’s response falls well short of a full-throated debunk of the iPhone hack, but suggest some merit to the claim – hence a call for customers to upgrade. In a response to a request for comment, Apple told Threatpost that the most recent iteration of iOS (11.2.6) ensures customers have the latest protections.
Apple declined to comment as to whether its latest version of iOS specifically prevents or fixes some aspect of the operating system that would prevent a reported hack by Cellebrite from working.
The Apple iPhone unlock claims came to light Monday when Forbes reported that Cellebrite was marketing a forensic tool for iPhones and iPads that could unlock “any” iOS device. The assertions have reignited similar privacy concerns surrounding three zero-day vulnerabilities, identified as Trident, that surfaced in 2016, sold by the Israeli firm NSO Group that were branded as Pegasus.
“I’d be zero-percent surprised if Cellebrite had a zero-day that allowed them to unlock iPhones with physical access,” said Patrick Wardle, chief research officer at Digita Security. “These guys clearly have the skills, and there is also a huge financial motivation to find such bugs.”
As Forbes detailed in its report, the Cellebrite unlock service costs as little as $1,500 an unlock and was likely used last year in a Department of Homeland Security case involving a suspected arms trafficker and his iPhone. Court documents indicated the Cellebrite tool was used for a “forensic extraction” from the suspect’s iPhone X.
Commenting on the relatively low ($1,500) cost per unlock Cellebrite is charging, Wardle and other security experts theorize the company may be exploiting a patched vulnerability. Given the price tags as high as $1 million offered by companies such as Zerodium for a remote iPhone jailbreak, the $1,500 is cheap.
Apple has said publicly a recent version of iOS 11.2 does address several serious vulnerabilities found by Google Project Zero. In December, Project Zero researcher Ian Beer published details of an “async_wake” exploit and proof-of-concept local kernel debugging tool for iOS 11.1.2. The vulnerability exploited two patched flaws in iOS 11.1.2 that made it possible to jailbreak iPhones running earlier versions of the OS.
Cellebrite advertises its services as having the capabilities of extracting data from “Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11.” Cellebrite did not return requests for comment for this article.
Apple has taken a hardline stance against government snooping on its devices, as illustrated in its legal standoff with the Federal Bureau of Investigation over a seized iPhone of San Bernadino killer Syed Farook in 2015. On the other hand, last month FBI Director Christopher Wray called unbreakable encryption, such as Apple’s, an “urgent public safety issue.”
“Cellebrite’s techniques clearly pose privacy concerns for Apple customers, but there are also underlying issues around the private forensics contractors doing business with them,” said David Pearson, Principal Threat Researcher at Awake Security. “We’ve already seen what happens when governments weaponize undisclosed exploits and fail to protect them, such as Eternal Blue, Doublepulsar and other tools and exploits alleged to belong to the NSA. This iOS technique may bring more of the same, not to mention the added scrutiny of many security researchers and criminals alike being on the lookout for such information.”