New York City is using Cellebrite tools to extract data from locked iPhones

nanoguy

Posts: 1,355   +27
Staff member
The big picture: An Israeli firm may have been selling law enforcement agencies an on-premises tool that can read data from almost any encrypted phone for almost two years, and now the service is available for everyone that can pay for it. The news comes in just as the DOJ is making a new push for tech companies to leave backdoors in their products, reigniting the privacy versus safety debate.

If you haven't been living under a rock, you're probably used to the monthly news about spyware and hijacking tools that can take over your iPhone with little to no user intervention -- in some cases all it takes is visiting a website.

There are also companies like Cellebrite that provide authorities and other interested parties with tools to hack iPhones or Android phones. According to a report by OneZero, it turns out law enforcement can now do that from the comfort of an office through a new program called UFED Premium.

The Israeli firm announced the service in June, and touted the convenience of being able to license its software tools to "unlock and extract data from all iOS and high-end Android devices" in-house. New York City law enforcement reportedly paid $200,000 for a three-year contract that means they'll no longer have to send devices to Cellebrite's labs in Virginia and New Jersey.

A series of documents obtained by OneZero show the Manhattan District Attorney’s office has been using Cellebrite's new service since 2018. They also reference $1 million in "undisclosed add-ons" that may have been part of the deal. The DA's office also has to keep the UFED software in a secured room with no means of recording video or audio.

While both the DA's office and Cellebrite refused to comment on the contract's existence, OneZero found a number of court records that seem to confirm that prosecutors have had the ability to unlock phones like the iPhone 6S on-premise since early 2018. And while we know little about the Israeli's firm list of customers, The Daily Beast recently reported that Immigration and Customs Enforcement had signed a $30 million contract for UFED.

In any case, the problem with the existence of such tools is that they only add up to an ever-growing surveillance state, and raise important questions about the possibility of them landing into the hands of malicious actors. Cellebrite said in a statement that everything it does is intended to "accelerate criminal investigations and address the challenges of crime and security in a digital world."

The news also comes at a time when the Department of Justice is asking companies like Facebook to rethink their plans to implement end-to-end encryption across all messaging services. Specifically, officials want backdoor access to encrypted messages, which has everyone plunging into new debates about balancing privacy and safety. Civil liberties groups have sent an open letter to Facebook asking it to proceed with its encryption plans, arguing that backdoors could be exploited by stalkers, oppressive governments, and identity thieves.

The latest anti-encryption campaign also hinges on everyone's emotions by citing the evil that could be prevented if only the government had more access to private communications -- terrorism, organized crime, and child abuse, to name a few. However, encryption is already a complex security measure that is difficult to get right as made evident from the recently discovered flaw in encrypted PDF files. Asking for backdoors is like asking for a deliberate flaw that has a much higher chance of misuse.

Permalink to story.

 
The elite among the "bad actors" will go right on using extra layers of non-standard encryption that these cracking tools and forced backdoors won't have any effect on. The more we're spied upon the more emboldened the wannabe dictators become and the more outraged the citizens become. If you want a hundred more Hong Kongs then continuing to push for universal surveillance is the way to get there.
 
The elite among the "bad actors" will go right on using extra layers of non-standard encryption that these cracking tools and forced backdoors won't have any effect on. The more we're spied upon the more emboldened the wannabe dictators become and the more outraged the citizens become. If you want a hundred more Hong Kongs then continuing to push for universal surveillance is the way to get there.
Elites very often underestimate the masses. Always has been like this (russian tsar revolts, french revolts and so on), but hopefully will change one day.
My only fear is I hope the difference between state/elites weapons and that of the masses won't be too huge. Pitch and forks vs powdered weapons was somewhat doable.

can't be quoted enough: "all animals are equal, but some are more equal"
 
Sounds like Apple is going to have to really step up their game if they want to continue to claim privacy on their devices ......
 
This certainly is interesting as
Since the release of the iPhone 3GS, Apple has built encryption into the hardware and firmware of its iPads and iPhones. Every iOS device now has a dedicated Advanced Encryption Standard (AES) 256-bit crypto engine that sits between the flash storage and main system memory.​
 
This certainly is interesting as
Since the release of the iPhone 3GS, Apple has built encryption into the hardware and firmware of its iPads and iPhones. Every iOS device now has a dedicated Advanced Encryption Standard (AES) 256-bit crypto engine that sits between the flash storage and main system memory.​

Obviously they found a hole which might also apply to laptop tpm chips since the tech is the same. When will we get quantum based encryption chips
 
Back