iPhone Hacking Firm Updates Tool in Midst of Apple-FBI Spat

(Bloomberg) — Digital forensics firm Cellebrite released a new tool that could be used to access data on the iPhones at the heart of the latest spat between Apple Inc. and the FBI.

© Bloomberg A customer holds an Apple Inc. iPhone 11 Pro smartphone inside the Regent Street Apple store during a product launch event in London, U.K., on Friday, Sept. 20, 2019. Apple’s new iPhones with camera enhancements and improved battery life go on sale today.

The company pushed out an update to its UFED Physical Analyzer software that helps law enforcement agencies and other customers extract and analyze information on some iPhones.

“For the first time ever, a wealth of previously untapped data sets from iOS devices can be leveraged to change the course of investigations,” Shahar Tal, a security research vice president at Cellebrite, wrote in an email to customers on Tuesday. “This update allows you to quickly perform a forensically sound temporary jailbreak and full file system extraction within one streamlined workflow.”

The tool uses an exploit called Checkm8 that allows access to chips running on iPhones released between 2011 and 2017. Cellebrite, owned by Japan’s Sun Corp. said its latest version of the tool works with the iPhone 5S, first sold in 2013, through the iPhone X, sold in 2017.

This could help investigators analyze at least one of the iPhones that belonged to Mohammed Saeed Alshamrani, the perpetrator of a Dec. 6 terrorist attack at a Navy base in Florida. Alshamrani died and his iPhone 5 and iPhone 7 were locked, leaving the FBI looking for ways to hack into the devices.

Apple in New Clash With U.S. Over Access to Terrorist’s IPhones

The FBI has been pressing Apple to help it break into the attacker’s iPhones. President Donald Trump called on the company to step up. But the government can hack into the devices without the technology giant, experts in cybersecurity and digital forensics said on Tuesday.

The FBI Can Unlock Florida Terrorist’s IPhones Without Apple

Tools from Cellebrite and other digital forensics firms that incorporate the Checkm8 vulnerability may be especially helpful to the FBI.

“This Cellebrite tool would let the government get a whole lot of information out of the phone, more than we’ve previously been able to extract,” said Neil Broom, who works with law enforcement agencies to unlock devices.

The Cellebrite tool costs about $15,000, plus an annual maintenance fee of more than $4,000, according to Broom. Before it can be used, a customer would need another Cellebrite tool for actually unlocking the phone, which could cost between $100,000 and $150,000, Broom added.

(Updates with President Trump comment in sixth paragraph.)

To contact the reporter on this story: Mark Gurman in Los Angeles at mgurman1@bloomberg.net

To contact the editors responsible for this story: Tom Giles at tgiles5@bloomberg.net, Alistair Barr, Jillian Ward

For more articles like this, please visit us at bloomberg.com

©2020 Bloomberg L.P.