Cellebrite is an advanced and controversial tool that has been used by law enforcement officers to crack the iPhone security on multiple occasions. Today Brazilian police confirmed that they used this tool to unlock the iPhones of two child murder suspects who were arrested after important messages were recovered from their devices.
The Rio de Janeiro police have been investigating the death of a 4-year-old boy since last month, but today the case took a twist with the arrest of the boy’s mother and his stepfather — a city councilman. Police chief Antenor Lopes confirmed on Thursday in a G1 report that the police were only able to arrest the suspects after having access to important messages sent by the couple.
Lopes said the police used the Cellebrite Premium tool to brute force unlock the accused couple’s iPhones. These messages, most of which were exchanged via WhatsApp, revealed conversations with evidence that the child’s stepfather had beaten him before his death, and also that the mother knew everything.
Cellebrite became widely known after the San Bernardino shooting in 2015, when the FBI used the Israeli tool to access the iPhone of suspects. This case started a dispute between the FBI and Apple, as the agency wanted a back door to extract data from personal devices in cases like this. Apple, however, never agreed with the idea of a back door, as the company couldn’t guarantee how it would be used, and this would affect the users’ security and privacy.
On its website, Cellebrite claims that the tool can unlock devices from iPhone 4s to iPhone XS, as well as iPod touch and iPad models running from iOS 5 to iOS 12. Interestingly, Cellebrite also takes advantage of checkm8, which is an “unpatchable” hardware exploit found on all Apple chips from A5 to A11 Bionic.
Cellebrite specifically only sells its tool to government agencies and security researchers, which costs as much as $16,000. This, of course, is not a guarantee that the exploit will be used only for good — and this still raises concerns about how secure our personal devices really are.
Author: Filipe Espósito
Source: 9TO5Google