Most of the rhetoric in tech these days revolve around privacy, especially when it comes to smartphones and data on the cloud. Manufacturers and platform makers are, at least in public, committed to thwarting attempts to break into users’ phones but, almost ironically, one of the most persistent threats aren’t criminals. Governments are just as interested in breaking their way into mobile devices, often for the stated sake of law enforcement, and Cellebrite is only too happy to have them as buyers of its new UEFD Premium system.
Cellebrite has long been a celebrity in the law enforcement field because of its involvement in cases related to breaking into Apple’s highly encrypted iPhones. It has used that prestige to raise its profile in the market and now it’s making its biggest boast ever.
It has announced the new Universal Extraction Forensic Device (UEFD) Premium and its biggest boast is the ability to unlock any iPhone or Android device. That includes those running on iOS 12.3 that was released just a month ago. Usually it takes a lot longer for hackers to find vulnerabilities that will allow them to break into encrypted file systems and, therefore, copy data that would have otherwise been private and secure.
Cellebrite plays a game of cat and mouse with platform makers who patch up the holes that forensics companies and hackers alike use to circumvent such security measures. It’s likely that Apple and Google will push out updates that plug up those holes but Cellebrite’s announcement makes a subtle boast. The UEFD Premium is proof it can move just as fast to find a new backdoor.
While Cellebrite and others in that industry say they cater to lawful use of such systems, recent events prove that those same tools can be used for illegal purposes also. It’s especially problematic when Cellebrite’s own customers, the law enforcers that should know better, don’t properly dispose of UEFDs, especially ones that themselves have weak security measures.