Cellebrite can unlock all iPhones and iPads, with any version of iOS
It seems that there is an active vulnerability on iOS that would allow the Israeli company to unlock any iPhone and iPad in circulation by discovering the password set by the user.
Cellebrite has discovered a method to unlock Apple devices running any publicly available version of iOS. For those who do not remember, it is an Israeli company that has worked with US police in the past to crack the security systems of various mobile devices, including Apple's.
The new unlocking method is part of the Advanced Unlocking and Extraction Services, which are services, not software, aimed exclusively at law enforcement and, obviously, not at the end consumer.
While it is difficult to believe that Cellebrite has broken the encryption iOS uses to protect the contents of devices, it is likely that the services rely on guessing the PINs chosen by users while bypassing the failed-attempt counter.
In this way, the company's technicians can carry out a brute-force attack without triggering the protection mechanisms built into iOS, although with this method the attack becomes extremely slow and not very effective on devices with long and complex passwords.
The news was reported by Forbes, which quotes a Cellebrite spokesperson confirming that the company "can recover, without need of root or jailbreak, the whole file system to get downloaded emails, data of third-party applications, geolocation data, and system log". A "cracking" method that bypasses the PIN and password protections has already been used successfully on iOS: in 2016 the University of Cambridge succeeded, for example. Cellebrite has not yet revealed how its services work.
The University of Cambridge attack has since become particularly difficult, if not impossible, because it required manipulating the device's flash memory, where the security information was stored. Devices with the Apple A7 SoC, however, use a dedicated security chip called the Secure Enclave Processor (SEP), which stores all the data needed to manage PINs and passwords and protects it with encryption tied to a unique UID. Cellebrite probably uses a "software" method rather than a hardware one.
Given the likely nature of the exploit, Apple can probably block the vulnerability in a future iOS update once the methods are discovered. A rather serious vulnerability is present in Apple's mobile operating system, and for now the best defense is to use an alphanumeric password (rather than the more convenient PIN) that is long and complex enough to make any brute-force attack less effective.
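
The effect of passcode length and alphabet on an exhaustive search, as an added example that is not part of the original article. It assumes the failed-attempt counter is bypassed as described above and that every guess costs a fixed 0.08 seconds; that figure, the alphabet names and the 100-year target are illustrative assumptions, not values from the article.

```python
# Assumption: with the attempt counter bypassed, only the fixed cost of one
# guess limits the search. 0.08 s is an illustrative value, not from the article.
SECONDS_PER_GUESS = 0.08
YEAR = 365 * 24 * 3600

# Constructed alphabet sizes for the passcode styles a user might choose.
ALPHABETS = {
    "digits": 10,
    "lowercase+digits": 36,
    "mixed-case+digits": 62,
}

def worst_case_seconds(alphabet_size, length, per_guess=SECONDS_PER_GUESS):
    """Time needed to try every passcode of exactly this length."""
    return alphabet_size ** length * per_guess

def min_length(alphabet_size, target_seconds, per_guess=SECONDS_PER_GUESS):
    """Shortest length whose full search takes at least target_seconds."""
    length = 1
    while worst_case_seconds(alphabet_size, length, per_guess) < target_seconds:
        length += 1
    return length

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"

def policy_table(target_years=100):
    """Minimum passcode length per alphabet to resist a full search."""
    target = target_years * YEAR
    return {name: min_length(size, target) for name, size in ALPHABETS.items()}

if __name__ == "__main__":
    for digits in (4, 6):
        print(f"{digits}-digit PIN, full search: "
              f"{humanize(worst_case_seconds(10, digits))}")
    for name, length in policy_table().items():
        print(f"{name}: at least {length} characters for a 100-year search")
```

Under these assumptions a numeric PIN needs 11 digits to match the resistance of a 6-character mixed-case alphanumeric password, which is why the alphabet matters as much as the length.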