Future Tense

Report: Israeli Company Has Likely Found a Way to Break Into Any iPhone

Leeor Ben-Peretz, the executive vice president of the Israeli firm Cellebrite’s technology, shows devices and explains the hacking technology developed by his company.
Leeor Ben-Peretz, the executive vice president of the Israeli firm Cellebrite’s technology, shows devices and explains the hacking technology developed by his company. Jack Guez/AFP/Getty Images

Sometime in the past few months, Cellebrite, an Israeli cyberforensics firm that has big-ticket contracts with the U.S. government, likely found a way to break the security on virtually all iPhone models, Thomas Brewster reports in Forbes. The company has been straight-up advertising to law enforcement agencies that its “advanced unlocking and extraction services” are available for devices running iOS 5 to iOS 11. Furthermore, Brewster cites a source involved in police forensics who says he heard from Cellebrite that it found a way to unlock the iPhone 8. He concluded that Cellebrite must be able to do the same with the iPhone X, since the security features in the two devices are very similar.

In fact, Brewster dug up a warrant from the Department of Homeland Security indicating that its agents were able to break into an iPhone X confiscated in November from a suspect in an arms-trafficking case. The warrant doesn’t detail exactly how it was able to unlock the device, but it notes that the department’s Cellebrite specialist performed a “forensic extraction” in December. (Slate contacted Apple for a response to Forbes’ report, and we will update this post if we receive a response.)

Federal law enforcement agencies have long blasted Apple for not helping to break encryption on iPhones to assist with criminal investigations. The tech giant has consistently argued that intentional vulnerabilities like back doors would threaten the privacy of all its customers.
If Cellebrite has indeed found a workaround for even Apple’s most advanced devices, it could change the terms of a debate that has been raging for years.

What is perhaps the most well-known clash between Apple and law enforcement erupted in the aftermath of the 2015 mass shooting in San Bernardino, California. When the FBI found an iPhone used by Syed Farook, one of the two shooters, investigators initially struggled to bypass the failsafe feature that wipes the contents of the device after 10 incorrect PIN entries. The bureau obtained a court order demanding that Apple help it disable the feature, though the company refused to comply. CEO Tim Cook said it would be “bad for America.” The FBI ended up bypassing Apple and broke into the phone with help from an unidentified “outside party.” The workaround was effective only on iPhone 5Cs that ran iOS 9—a “narrow slice” of iPhones as then-FBI Director James Comey put it—so the debate has re-emerged repeatedly.

There was actually speculation that Cellebrite was the mysterious hacker that gave the FBI access to Farook’s phone. Though later reports casted major doubt on the theory, it’s easy to see why so many people turned their attention to the Israeli firm, given its stature in the law enforcement sector. Cellebrite’s surveillance gear is a hot seller for authorities at all levels of the government—the ACLU called one of the company’s portable phone data extraction tools “a favorite of police departments everywhere.” And as Forbes has pointed out, Cellebrite has struck lucrative deals with a variety of U.S. agencies. For instance, Immigration and Customs Enforcement spent $2 million on just one of Cellebrite’s many contracts. The firm also reportedly partners with the FBI, the Drug Enforcement Agency, the Transportation Security Administration, and the State Department.