FBI was exposed to unlock iPhone tools, no need for Apple to “stay behind the door”


Editor’s note: This article is from Tencent Technology.Cellebrite’s Universal Forensic Extraction Device Can Be Used to Obtain Data from Connected Smartphones January 15 news, according to foreign media reports, the FBI and Attorney General William Barr both demanded that AppleAn investigation into the shootings in Pensacola, Florida, provided further assistance.However, security experts point out that the FBI already has hacking tools that can unlock the iPhone, and does not need Apple to “stay behind the door.”Unlocking the Gunner’s iPhone is not difficult. December 6, 2019 Mohammed Saeed Alshamrani, the gunman of the terrorist attack in Florida’s naval base, has an iPhone 5 and an iPhone 7.First released in 2012 and 2016.Alshamrani is dead, his phone is locked, and the FBI is looking for ways to unlock these devices.In recent days, the FBI, Barr, and even U.S. President Donald Trump have appealed to Apple to help unlock the gunman’s iPhone.But Apple rejected these requests, but it raised a question: How difficult is it to get data on the iPhone in an emergency?Although the FBI has previously made requests to Apple, such as during the San Bernardino shootings, it may be understandable because law enforcement agencies lack other options.But the latest request came when law enforcement agencies had alternatives.Security experts and forensic forensic experts said that tools from GrayShift, Cellebrite, and other companies provided iPhone unlocking tools.This caused the situation to reverse in a few years, because experts previously said that iPhone security could not be cracked by the technologies and methods available at the time.”We now have tools for extracting data from iPhone 5 and iPhone 7, and everyone is using them,” claims Andy Garrett, CEO of forensic forensics company Garrett Discovery. The tools themselves are reasonably priced.At least for governments and law enforcement agencies, the potential cost of obtaining the software and hardware needed to access them is believed to be about $ 15,000 or less.Previously, the FBI was exposed to spend about $ 1 million to pay third-party companies to access data on the iPhone 5C, the core of San Bernardino’s investigation.From the perspective of expenditure, the United States federal procurement records show that the FBI alone spent more than $ 1 million on GrayShift’s tools to help unlock the equipment involved.”IPhone 5 and iPhone 7? There are many ways to unlock them,” said legendary iPhone hacker Will Strafach. “I don’t think it’s a piece of cake, but it’s not too difficult.”Strafah now runs a security company called Guardian Firewall.In fact, Strafah and other security experts said that Apple does not need to create a “back door” for the FBI to unlock the iPhone belonging to Alshamrani.Neil Broom, working with law enforcement agencies to unlock the device, warns that software versions running on the iPhone 5 and iPhone 7 may make it more difficult to unlock the phone, but unlocking is still possible.”If the phone is running a specific version of iOS, it may take an hour to unlock it. But the version of iOS they run may not be vulnerable,” he said. However, new vulnerabilities are constantly being discovered.Today, security companies such as Apple and Cellebrite are playing “cat and mouse” games.The iPhone maker releases a new device or a new version of the iOS operating system that locks everything.Security companies and researchers then start investigating, often finding ways to hack the phone after a few months.These vulnerabilities sometimes turn into tools that the FBI and police can use to access data on the iPhone.New unlocking tools are constantly emerging, and the barriers to accessing content on smartphones are low, which makes it cheap enough for US states to use the same tools.For example, law enforcement agencies in Gwinnett County, Georgia, unlocked approximately 300 phones in 2018 and began rehearing pending cases by accessing previously unreadable devices.”This really opens the door for our investigation,” said District Attorney Investigator Chris Ford. He also said that his proposal now produces three times as much forensic data as before buying the GrayShift tool.Forensic experts also say that these phone unlocking tools are undermining calls from the Justice Department, government officials, and other senior law enforcement officials for manufacturers to more easily access device data.These calls include repeated calls for Apple and other companies to increase encryption “backdoors”, where only law enforcement can access stored data while maintaining security.But technology companies and many critics counter that adding any “backdoor” will weaken security as a whole, and there is no guarantee that any intentional “backdoor” permissions will not fall into the wrong hands.Experts believe that Apple’s security is no longer considered to delay investigations as before.”This is a cat-and-mouse game,” said Sarah Edwards, a digital forensics expert at the SANS Institute. “Apple has locked things up, but if someone wants to find a way to get into these devices, they will surely succeed.Bloom said U.S. law enforcement agencies work with security companies, including Cellebrite, which will “do their best” to help the government win big contracts.Cellebrite, a subsidiary of Japan’s Sun Corp, said in a statement: “As part of an ongoing investigation, our technology is used by thousands of organizations worldwide to legally access and analyze very specific digital data. In accordance with company policy, weThe investigation was not commented. “In 2016, the company helped the FBI crack the iPhone of the gunman in the San Bernardino attack in California.GrayKey is a high-energy foundation launched by Atlanta-based GrayShift, whose employees include former Apple software security engineer Braden Thomas.GrayShift did not respond to a request for comment on Tuesday.According to Strafah and other researchers, a new security flaw called “Checkm8” will affect iPhone chips released between 2011 and 2017, including the iPhone 5 and iPhone 7.He said: “With the Checkm8 vulnerability, you should be able to get forensic images of the file system, unless the phone is set with a long passphrase. There is only one question here, is the government going to pay contractors to unlock them. If the Checkm8 vulnerability cannot be usedThey can pay contractors to do it. “The Checkm8 vulnerability could support Cellebrite’s updated hacking tools.The Israeli-based company provides law enforcement agencies and other customers with a “UFED Physical Analyzer,” a special “Touch2” tablet and personal computer software called “4PC.”According to Bloom, the cost of all this is about $ 15,000, and annual maintenance costs usually cost another $ 4,000.The FBI may also need other tools to unlock the iPhone, such as GrayShift’s GrayKey or Cellebrite Premium, a special internal service for law enforcement agencies.According to Broome, the price of these products may be between $ 100,000 and $ 150,000.”These tools are already available all over the country, so law enforcement agencies do n’t need to spend more money to unlock these phones, they may just be waiting for specific vulnerabilities like Checkm8 to become available,” he said earlier.Internet services provide “all information” about gunner-related equipment.However, some data that the FBI may be interested in will only be stored on the iPhone.For example, iMessage text is encrypted when stored in the cloud, but they are usually readable on the device.The 2016 San Bernardino case ended with the government using Cellebrite technology to unlock the iPhone. If security experts are right, this time is likely to be the case.However, this will not end the standoff between the FBI and Apple.Yotam Gutman, director of marketing for cybersecurity company SentinelOne, said that as iPhone devices become more complex, companies like Cellebrite have become more difficult to penetrate the iPhone.Strafah also said that unlocking Apple’s latest smartphone, the iPhone 11, was much more difficult.Backdoors are not the best solution. The struggle between law enforcement agencies and criminals has never stopped since the birth of civilization.Law enforcement has gotten better, so their game is over.But as criminals advance, law enforcement needs to keep improving.At the same time, as a stopgap measure, the government wants to fight crime by forcing tech companies to create encrypted backdoors and unlock smartphones on demand.But Apple once again said that the federal government should change its mind.Technology companies are committed to making us more secure, and Apple at least wants us to protect our privacy.Apple’s stance and toughness on this issue once again benefits us all.This has indeed made it harder for the agencies responsible for one aspect of our security, and apparently, so far, they have been struggling with the challenges and devising countermeasures to detect and deal with bad people.And, if reports of the perpetrators’ phones were iPhone 5 and iPhone 7 are correct, then the problem has been resolved.This “safe enclave” is not a problem for the iPhone 5 law enforcement department, so this is a problem that is easier to crack.Although the iPhone 7 does have a “Checkm8” vulnerability, if properly exploited and given enough time, you can find a way to crack it.The FBI can now use its contractors to unlock the phone, and they have proved that they can and will do so with the San Bernardino case.Barr apparently wanted to use these phones as an expression of political opinions.If he gets what he wants, he will make us less safe every day.As the US Attorney General, he should know that.As Apple said, there is no “back door” and it is only open to good people.If it exists, it will be discovered by the bad guys.To facilitate law enforcement, encrypted “backdoors” weaken the overall public safety.There are other ways available now, and if there are no bullet holes on these phones, they should still work and be unlocked.US law enforcement has absolutely the means and willingness to unlock phones without a “back door.”(Tencent Technology Review / Golden Deer.

Tags : EntrepreneurshipInternet entrepreneurshipInternet entrepreneurship project