Cellebrite, the company widely believed to have accessed the San Bernardino iPhone for the FBI, is reportedly ‘optimistic’ that it will also be able to access a locked iPhone 6.
CNN reports that Italian architect Leonardo Fabbretti met with the company last week to see whether it could help gain access to his dead son’s iPhone. Before his death from bone cancer, 13-year-old Dama Fabbretti had added his father’s thumbprint to allow him access – but the phone required the passcode after a restart, and his father doesn’t know the code.
Apple had told him it was impossible to access the iPhone without the passcode, but Fabretti told CNN that Cellebrite has already made progress …
“I just came back from their office in northern Italy. The meeting went well. They were able to download the directories with the iPhone’s content, but there is still work to be done in order to access the files,” Fabbretti said.
Those files contain the months of photos and conversations the dad so desperately wants to see, including a handful of videos taken three days before his son died.
Fabbretti said that the company had told him it was ‘optimistic’ about its chances of accessing the files. Both Apple and Cellebrite refused to comment on the case.
The FBI last week advised that the method used to access the San Bernardino phone does not work on the iPhone 5s or later, which appeared to confirm earlier speculation that the passcode bypass would not work on models with a Secure Enclave. If Cellebrite has a new method that successfully breaks into the iPhone 6, that will leave Apple with further work to do to secure future iPhones.
FTC: We use income earning auto affiliate links. More.
Next week: “FBI buys Cellebrite”
lol. Yeah, The Federal Bureau of iPhones sure seems to be a regular customer¡
AND – Our (USA Citizens) Taxpayer $$$ are paying for that!
Yeah, except then Cellebrite employees would then land on the government payroll, where they’d immediately quit due to lousy pay. And so the FBI would end up with nothing.
Or next week “Apple buys Cellebrite”. (or Sun Corporation which own Cellebrite)
Wouldn’t have expected any other statement than this one that puts them in a “positive light”. Pity they’re so vocal about it, but hay, it’s marketing that sells.
Go on then.
Try and hack the security enclave.
LOL!!! I’m optimistic they can’t. The reason they got in the last one was because of 32bit arch. This will be much different.
No, overflow wasn’t the vulnerability in the 5C. They just reset the attempt counter to zero in NVRAM with every attempt or so, AFAIK.
The 5S and other Touch ID-equipped devices have the Secure Enclave which stores the replay counter in a separate memory, with possibly some cryptography somewhere along the way.
I’m pretty sure Randy is right. Snowden said the easiest method would be to do NVRAM injection to fake the retry counter.
Well – for one, I feel better about Cellebrite having the technology and continuing to charge BIG $$$ to unlock an iPhone rather than the FBI having the GovtOS and having that code leak out so that anyone with the GovtOS can crack an iPhone.
If it costs $$$$ – that means someone really HAS to want to get into my iOS device!
YMMV
i’m optimistic they do not have to, because they overlooked iCloud or iTunes backups.
They had access to iCloud backups in San Bernardino, they just wanted access to the latest backup. It is why it is highly unlikely any information was found in the phone.
If they found anything of relevance they would be rubbing it in our faces 24/7 in the media.
So it was a manufactured fishing expedition to try to coerce Apple to do the Government’s (and more importantly, the Governments string-pullers) work?
So I’m probably just missing something here, but if they’ve gotten “some data” then doesn’t that mean they’re not just brute forcing the passcode? If you’re brute forcing the code then you would have nothing until you get the code, then you’d have everything. There’s no in between unless they’re using a different method…. Unless I’m missing something (which I assume I am)
I think they are copying data directly off the memory. So it might being copied in its encrypted form.
I also do not mind that difficult and expensive encryption breaks exist for consumer devices. As long as it takes some serious amount of time and expertise it addresses the main issue of bad government action. Personally I’m not interesting enough of a target for anyone to want to do that. And the bad government actors of the world won’t be able to do full monitoring or spot monitoring at boarder crossings with this hack method.
It may be difficult now. But in 3 months expect a device on Amazon that’ll work.
What about the lock screen bypasses? I know there are some that work from boot even. There’s also another exploit going around that is a GUI bug that appears to give unlimited tries without a retry counter even on devices with Secure Enclaves.
Yeah – access to Apple devices is either by highly complex and expensive forensics firms … or alternatively via a YouTube video of the latest ‘lock’ screen failure.
Those videos are fakes – they are simply using Touch ID to unlock the phone.
A father not respecting the privacy of his dead son, way to go…
“Before his death from bone cancer, 13-year-old Dama Fabbretti had added his father’s thumbprint to allow him access – but the phone required the passcode after a restart, and his father doesn’t know the code.”
Once again demonstrates the unsatisfactory situation Apple has created:
* The legitimate heir to a dead person’s property cannot access it by normal means.
* Access being gained by backdoor means, the nature of which are not known, and are not subject to legal control.
Much better if Apple did what responsible IT providers do – provide a secure means for Apple themselves to access locked devices and provide disclosure (only) on receipt of a court order.
From which jurisdiction?
Good. No chance for Apple to demagogue the issue.