When the FBI Has a Phone it Can't Crack, It Calls These Israeli Hackers

Dermot7 · Oct 31, 2016

By Kim Zetter

Cellebrite’s researchers have become, over the last decade, the FBI’s go-to hackers for mobile forensics. Many other federal agencies also rely on the company’s expertise to get into mobile devices. Cellebrite has contracts with the FBI going back to 2009, according to federal procurement records, but also with the Drug Enforcement Administration, the Secret Service, and DHS’s Customs and Border Protection. U.S. state and local law enforcement agencies use Cellebrite’s researchers and tools as well, as does the U.S. military, to extract data from phones seized from suspected terrorists and others in battle zones.

The company is poised to seize a prominent and somewhat ominous place in the public imagination; just as Apple has come to be seen as a warrior for digital protection and privacy against overreaching government surveillance, Cellebrite is emerging as its law-and-order counterpart, endeavoring to build tools to break through the barriers Apple and other phone makers erect to protect data.
Click to expand...

https://theintercept.com/2016/10/31/fbis-go-hackers/

Minimalist · Jan 13, 2017

Hack reveals data company Cellebrite works with everyone from US cops to Russia

On Thursday, Vice Motherboard reported that an unnamed source provided the site with 900GB of data hacked from Cellebrite, the well-known mobile phone data extraction company.
Click to expand...

http://arstechnica.com/tech-policy/...e-works-with-everyone-from-us-cops-to-russia/

Palancar · Jan 13, 2017

I would sure love access to the mathematical paradigm they are using to crack the encryption. Its likely just those 4-6 pin numbers and they are bypassing the 5 tries and your deleted scenario.

Have any of you ever heard of them opening a forensically bricked laptop with a REAL password, say on LUKS?

Minimalist · Feb 4, 2017

Hacker leaked tools stolen from mobile forensics company Cellebrite
The hacker that breached the systems of the mobile forensics company Cellebrite leaked online some tools and announced further releases.
Click to expand...

http://securityaffairs.co/wordpress/55969/data-breach/cellebrite-hacked-dump.html

CloneRanger · Feb 4, 2017

LOL. Yet another case where the spooks get spooked ! Just like Finfisher etc

Dermot7 · Feb 6, 2017

Hacker Leaks Cellebrite's Phone-Hacking Tools - Schneier on Security

Minimalist · Feb 26, 2018

The Feds Can Now (Probably) Unlock Every iPhone Model In Existence

In what appears to be a major breakthrough for law enforcement, and a possible privacy problem for Apple customers, a major U.S. government contractor claims to have found a way to unlock pretty much every iPhone on the market.

Cellebrite, a Petah Tikva, Israel-based vendor that's become the U.S. government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11. That includes the iPhone X, a model that Forbes has learned was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.
Click to expand...

https://www.forbes.com/sites/thomas...rnment-can-access-any-apple-iphone-cellebrite

RockLobster · Feb 26, 2018

https://www.infoworld.com/article/2607386/encryption/11-reasons-encryption-is--almost--dead.html

mirimir · Feb 26, 2018

Well hey, if I don't have a smartphone, they can't unlock it

Minimalist · Feb 27, 2018

Apple Tackles Cellebrite Unlock Claims, Sort Of

In the wake of claims that Israeli company Cellebrite has developed an unlocking tool for any iPhone, Apple is urging customers to upgrade to the latest version of iOS 11.

Apple’s response falls well short of a full-throated debunk of the iPhone hack, but suggest some merit to the claim – hence a call for customers to upgrade. In a response to a request for comment, Apple told Threatpost that the most recent iteration of iOS (11.2.6) ensures customers have the latest protections.
Click to expand...

https://threatpost.com/apple-tackles-cellebrite-unlock-claims-sort-of

RockLobster · Feb 27, 2018

Apple weakened their iPhone encryption considerably, two years ago.

mirimir · Feb 27, 2018

RockLobster said: ↑

Apple weakened their iPhone encryption considerably, two years ago.
Click to expand...

Really? Do you have a cite for that?

RockLobster · Feb 28, 2018

mirimir said: ↑

Really? Do you have a cite for that?
Click to expand...

https://thehackernews.com/2016/09/apple-ios10-encryption.html

Basically what that means is, the earlier algorithm generated 10,000 iterations of the key when you entered the password which took long enough that a brute force attack was limited to just a few thousand attempts per second.
The newer one only generates the key once, allowing for several million attempts per second.

mirimir · Feb 28, 2018

I'm not sure that I understand that. Apple changed from SHA1 hashes to SHA256 hashes, which is a huge improvement in security. But then there's the PBKDF2 aspect. If SHA1 is 10K more secure than SHA256, maybe it's a wash.

RockLobster · Feb 28, 2018

mirimir said: ↑

I'm not sure that I understand that. Apple changed from SHA1 hashes to SHA256 hashes, which is a huge improvement in security. But then there's the PBKDF2 aspect. If SHA1 is 10K more secure than SHA256, maybe it's a wash.
Click to expand...

Well, the PBKDF2 algorithm is just a way to make the authentication process take longer, you can choose how long it takes by setting the amount of iterations. This can vastly increase the resistance to brute force attacks which depend on testing millions or billions of passwords as fast as possible.
As far as the security of the SHA1 v SHA2 against crypto analysis, I could be wrong but as far as I know SHA1 is vulnerable to collisions when used for digitaly signing, but I dont think that affects its use in block ciphers, in fact I have a sneaking suspicion it is better than SHA2 in block ciphers.

So yeah anyway regardless of which hash algorithm is used in the cipher, brute force resistance is more important in the context of password cracking. At 6 million per second, dictionary attacks with multi billions of entries takes only a few minutes with just a regular desktop PC.

mirimir · Feb 28, 2018

OK, so I find a Forbes article that repeats the criticism: https://webcache.googleusercontent....s-10-vulnerabilities-in-passwords-jailbreaks/

So hey

wshrugged · Mar 4, 2018

ByJoseph Cox and Lorenzo Franceschi-Bicchierai (Motherboard)
Feb 7 2018, 10:04am
Inside the secretive industry that helps government hackers get around encryption.

At first glance, Azimuth Security looks like any other bustling startup. Photos tweeted by the firm’s co-founder show a staffer zipping in front of glass-walled conference rooms on a hoverboard and employees in T-shirts playing with a stylish chess set over a beer. But this small Australian company plays a crucial role in the continuous battle for spies and cops to hack into phones around the world, Motherboard has learned.[...]
Click to expand...

wshrugged · Mar 4, 2018

mirimir said: ↑

OK, so I find a Forbes article that repeats the criticism: https://webcache.googleusercontent....s-10-vulnerabilities-in-passwords-jailbreaks/

So hey
Click to expand...

Elcomsoft CEO Vladimir Katalov, referenced in the above article, subsequently stated that the flaw he found was corrected in iOS 10.1 beta then at its general release. Right at this minute, I can only find a reference for this in a response of his at the company site blog (bottom of page––Oct. 31, 2016).
https://blog.elcomsoft.com/2016/09/...overed-backup-passwords-much-easier-to-break/

But there is this from Apple's 10.1 security documentation which I assume is the reported issue:

iTunes Backup
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An attacker with access to an encrypted iTunes backup may be able to determine the backup password

Description: A password hashing weakness existed in the handling of encrypted iTunes backups. This issue was addressed by removing the weak hash.

CVE-2016-4685: Elcomsoft

Entry added November 14, 2016
Click to expand...

https://support.apple.com/en-us/HT207271

RockLobster · Mar 4, 2018

A weak hash wasnt the issue. Apples removal of the PBKDF2 algorithm that slowed down repeated password attempts was the issue.

wshrugged · Mar 4, 2018

@RockLobster
Now I'm not sure we're talking about the same thing. Side note––as you probably know, Apple can be obtuse in its security documentation. Your and @mirimir 's post reminded me of this issue––back then I looked into it for an iPhone user. I'll pass on the info so they can look into it; thank you both.

Minimalist · Mar 5, 2018

Mysterious $15,000 'GrayKey' Promises To Unlock iPhone X For The Feds

Just a week after Forbes reported on the claim of Israeli U.S. government manufacturer Cellebrite that it could unlock the latest Apple iPhone models, another service has emerged promising much the same. Except this time it comes from an unkown entity, an obscure American startup named Grayshift, which appears to be run by long-time U.S. intelligence agency contractors and an ex-Apple security engineer.
Click to expand...

https://www.forbes.com/sites/thomasbrewster/2018/03/05/apple-iphone-x-graykey-hack

RockLobster · Mar 5, 2018

I think this is still all about brute forcing the password.

wshrugged · Mar 23, 2018

[...]In late 2017, word of a new iPhone unlocker device started to circulate: a device called GrayKey, made by a company named Grayshift. Based in Atlanta, Georgia, Grayshift was founded in 2016, and is a privately-held company with fewer than 50 employees. Little was known publicly about this device—or even whether it was a device or a service—until recently, as the GrayKey website is protected by a portal that screens for law enforcement affiliation.

According to Forbes, the GrayKey iPhone unlocker device is marketed for in-house use at law enforcement offices or labs. This is drastically different from Cellebrite’s overall business model, in that it puts complete control of the process in the hands of law enforcement.

Thanks to an anonymous source, we now know what this mysterious device looks like, and how it works. And while the technology is a good thing for law enforcement, it presents some significant security risks.[...]
Click to expand...

https://blog.malwarebytes.com/secur...one-unlocker-poses-serious-security-concerns/

Minimalist · Mar 26, 2018

US State Department Buys $15,000 iPhone Hacking Device

A report from Motherboard reveals that the State Department’s Bureau of Diplomatic Security ordered the device on March 6. The US government’s public federal procurement data system, which the cited site uses as source for its report, doesn’t specifically mention Grayshift, but says that the government purchased “computer and computer peripheral equipment.”
Click to expand...

http://news.softpedia.com/news/us-state-department-buys-15-000-iphone-hacking-device-520394.shtml

Minimalist · Apr 10, 2018

Scottish Police Buy Cellebrite Phone Unlocking Kits

Police Scotland is to deploy 41 Cellebrite terminals around the country following a trial in Edinburgh and Stirling. The contract is worth £370,000, according to Public Contracts Scotland. Insight Direct is acting as a reseller for Cellebrite in the contract.
Click to expand...

https://www.silicon.co.uk/workspace/scottish-police-cellebrite-phone-data-extractor-231143

Log in or Sign up

When the FBI Has a Phone it Can't Crack, It Calls These Israeli Hackers

Dermot7 Registered Member

Minimalist Registered Member

Palancar Registered Member

Minimalist Registered Member

CloneRanger Registered Member

Dermot7 Registered Member

Minimalist Registered Member

RockLobster Registered Member

mirimir Registered Member

Minimalist Registered Member

RockLobster Registered Member

mirimir Registered Member

RockLobster Registered Member

mirimir Registered Member

RockLobster Registered Member

mirimir Registered Member

wshrugged Registered Member

wshrugged Registered Member

RockLobster Registered Member

wshrugged Registered Member

Minimalist Registered Member

RockLobster Registered Member

wshrugged Registered Member

Minimalist Registered Member

Minimalist Registered Member

Log in or Sign up

When the FBI Has a Phone it Can't Crack, It Calls These Israeli Hackers

Dermot7 Registered Member

Minimalist Registered Member

Palancar Registered Member

Minimalist Registered Member

CloneRanger Registered Member

Dermot7 Registered Member

Minimalist Registered Member

RockLobster Registered Member

mirimir Registered Member

Minimalist Registered Member

RockLobster Registered Member

mirimir Registered Member

RockLobster Registered Member

mirimir Registered Member

RockLobster Registered Member

mirimir Registered Member

wshrugged Registered Member

wshrugged Registered Member

RockLobster Registered Member

wshrugged Registered Member

Minimalist Registered Member

RockLobster Registered Member

wshrugged Registered Member

Minimalist Registered Member

Minimalist Registered Member

Useful Searches