How Law Enforcement Cracks into Smartphones Without Apple’s or Google’s Assistance

Unless you’ve been living under a rock over the past few weeks, you know about the controversial case between the FBI and Apple that is splitting opinions all over the world. The FBI has obtained a court order requiring Apple to create a special operating system that lacks certain security features and to load it on the iPhone found on one of the San Bernardino terrorists, so that investigators can get past the passkey lock and access potentially valuable information on the phone. Apple has refused to comply, on the grounds that doing so could compromise the privacy of all of its users, who entrust the company to protect their data.

If Apple does not assist, the FBI will not be able to access anything on an iPhone used by one of the two shooters in last December’s mass murder of 14 people in San Bernardino, Calif. But there are still plenty of smartphones the government can crack without court orders, public hearings or any involvement by phone makers.

Yet the public scrutiny surrounding that case and others like it shows that the government has better tools for cracking phones on its own than many users probably realize. Meanwhile, smartphones running other operating systems, which have gotten little attention in the current controversy, are considered far easier to crack than Apple’s iPhones, since the others don’t emphasize security as heavily as Apple does. In Africa, Android has 89% market share in smartphones, with Apple a distant second at 7%.

For many years, it has been third-party forensic experts such as Cellebrite and not device manufacturers who have provided the tools and techniques that law enforcement agencies use to access data stored in mobile devices. The tools developed by Cellebrite are tested by local law enforcement and are approved to provide accurate evidence that is admissible in court.

Before these tools were developed, law enforcement authorities had to rely on off-the-shelf data synchronization tools, usually built by the manufacturer, which synced mobile devices with computers. Tools like the Desktop Manager from Blackberry could all create a backup of the data accessible from the device. However, these tools lacked two things: forensic hashing techniques that ensure data integrity, and the ability to bypass the built-in security of a device. So the user had to know the password or PIN needed to access the phone’s data.
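The kind of integrity check that forensic hashing provides can be sketched as follows. This is an added example, not code from Cellebrite or any vendor tool: it hashes an extraction once at acquisition, then re-hashes a working copy and reports which blocks differ. The 4096-byte block size, the function names and the sample data are assumptions made for illustration.

```python
import hashlib
import io

BLOCK_SIZE = 4096  # assumed block size for per-block digests

def acquire(stream, block_size=BLOCK_SIZE):
    """Read an extraction once; return (whole_image_digest, per_block_digests)."""
    whole = hashlib.sha256()
    blocks = []
    while True:
        chunk = stream.read(block_size)
        if not chunk:
            break
        whole.update(chunk)
        blocks.append(hashlib.sha256(chunk).hexdigest())
    return whole.hexdigest(), blocks

def verify(stream, manifest, block_size=BLOCK_SIZE):
    """Re-hash a working copy; return (matches, indexes_of_altered_blocks)."""
    expected_digest, expected_blocks = manifest
    digest, blocks = acquire(stream, block_size)
    altered = [i for i, (a, b) in enumerate(zip(expected_blocks, blocks)) if a != b]
    # A length change shows up as missing or extra trailing blocks.
    shorter, longer = sorted((len(expected_blocks), len(blocks)))
    altered.extend(range(shorter, longer))
    return digest == expected_digest, altered

# Constructed sample data standing in for a device backup (not real evidence).
ORIGINAL = b"".join(b"record %05d\n" % i for i in range(2000))
MANIFEST = acquire(io.BytesIO(ORIGINAL))

def demo():
    tampered = bytearray(ORIGINAL)
    tampered[9000] ^= 0x01            # flip a single bit inside block 2
    truncated = ORIGINAL[:-100]       # drop the last 100 bytes
    return (
        verify(io.BytesIO(ORIGINAL), MANIFEST),
        verify(io.BytesIO(bytes(tampered)), MANIFEST),
        verify(io.BytesIO(truncated), MANIFEST),
    )

if __name__ == "__main__":
    for result in demo():
        print(result)
```

A plain sync-tool backup carries no such manifest, so nothing shows whether the copy examined later is the same data that came off the device.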

Cellebrite uses techniques such as proprietary boot loaders that let law enforcement exploit vulnerabilities in the phone’s software, allowing extraction of the device’s file system and additional data layers in the phone’s physical memory.

Of course, keeping up with newly released devices and firmware updates is a big challenge for Cellebrite. Cellebrite has agreements with many international carriers and phone manufacturers so it can get many of the devices before they even get to the market.

With the release by Apple of iOS 9, the iPhone automatically encrypts itself with a hidden key. That key is used with AES-256, an open and very strong form of encryption with no known weaknesses. As a result, someone getting into the phone without the PIN, as Cellebrite usually does, would only see gibberish, because even though the phone’s data would be visible, it would still be encrypted. As a further protection, if too many incorrect attempts are made to guess the password or PIN, the phone erases its key, preventing anyone from ever decoding the encrypted data.

Since there is no intentional workaround built into iOS by Apple, Cellebrite needs to find an unintentional vulnerability in the phone. Apple already patched these “workarounds” in iOS 9, and currently no one, not even Apple itself, has discovered another vulnerability that will allow access to these devices.


2016-03-04T09:45:52+01:00 | March 3rd, 2016 | Crime Solving