The three-way struggle between criminal hackers, law enforcement and privacy-centric tech companies is constantly evolving. Today’s smart devices have implemented increasingly tough security measures to protect users’ personal data, while criminals seek to unlock them for various nefarious purposes, and authorities try to crack them for the sake of uncovering potential evidence.
Israeli forensics firm Cellebrite is responsible for creating such a tool – the Universal Forensic Extraction Device (UFED), and the security company now claims it can unlock almost of all of the latest Apple and Android smart devices thanks to its latest update.
Specifically, the latest version of the device (UFED Premium) is able to unlock and gain access to “Apple devices running iOS 7 to iOS 12.3” as well as “high-running Android devices including the Samsung Galaxy S6/S7/S8/S9 [and] models from Motorola, Huawei, LG and Xiaomi”.
The device will be available to law enforcement agencies “on-premise”, meaning they will be able to operate the machine themselves and get the results independently of Cellebrite. The tool promises “access to 3rd party app data, chat conversations, downloaded emails and email attachments, deleted content and more”.
Privacy for the people
This time last year, we saw the security-conscious Apple release a more aggressive version of its USB Restricted Mode in the iOS 12 update – a solution that supposedly plugged a loophole whereby certain tools (akin to UFED and GreyKey) could access data via an iPhone’s Lightning Port.
While it’s unclear which global law departments will make use of the Cellebrite technology, it was strongly suspected that the FBI used the company in 2016 to unlock the San Bernardino iPhone.
Although the latest version of iOS is technically 12.3, Cellebrite’s site doesn’t make it clear whether the new 12.3.2 update is included in this. Similarly, Samsung’s latest Android phone family – the Galaxy S10, S10 Plus and S10e – aren’t listed among the handsets the firm claims to be able to unlock, so it appears some forms of device encryption are still proving elusive.