Barely a day goes by without news of another data breach or system-wide device hack. Our devices have become the ultimate target for bad-actors the world over — and for good reason. Today, our smartphones contain more information about us and our families than any wallet or address book could. That’s why directly accessing mobile filesystems is a holy-grail hack for snoops and fraudsters everywhere.
Of all of the tech companies out there, Apple probably takes the cake in terms of security. Its encryption and privacy efforts are a major part of its platform, and many users are turning to Apple for the blanket protection its products offer. However, a secretive forensics company is claiming to offer backdoor access to every iPhone model — with no way for Apple to stop it!
If the idea of someone gaining total control of your phone makes your blood run cold, you won’t want to miss this security update. We have the latest information on what this data extraction system is capable of, and what it would take to access all of the data on your device.
How is one company able to access data on every iPhone?
In the aftermath of the 2015 San Bernardino shooting, a little-known Israeli forensics firm called Cellebrite made headlines as creators of one of the first commercial devices to crack the iPhone.
Its device, called the Universal Forensic Extraction Device (UFED), is a mini-computer that is able to extract and transfer data from iPhones — regardless of whether they’re locked or encrypted. These devices have seen use in various cellphone stores and even official Apple Retail Stores as a go-to method for extracting contacts and photos.
They’re also used by police in sensitive cases where accessing a phone can help identify a perpetrator or reveal new evidence that would otherwise remain hidden.
Now, according to an update posted to Cellebrite’s website, the UFED is available in a Premium model that is capable of accessing the data of any iPhone model (even with the latest software updates) connected to its ports. This means anyone looking to snoop on a private iPhone would only need to purchase this device, plug the phone into it and let it run.
While this device has a range of legitimate uses for law enforcement and national security, in the hands of a hacker or jealous ex, it could prove disastrous for user privacy. Not to mention the fact that UFED systems are available for sale right now, with some even offered on eBay for less than $100.
The very existence of such a device seems to fly in the face of Apple’s much-lauded security platform, as well as the integrity of iOS as a whole.
Am I at risk of being spied on by a Cellebrite device?
Thankfully, the risk of misuse depends entirely on whether or not your phone or tablet falls into the possession of someone who shouldn’t have it.
The UFED only works in-person, meaning you physically need the phone in front of you in order to extract any information. This means hackers can’t use its abilities remotely over the web, so anyone nervous about iOS being totally vulnerable can breathe easy at this fact.
However, it’s important to know that this device only exists because of some backdoor within iOS’s code. This means that, no matter what, your phone will always be at risk of access if it’s not in your possession.
In order to protect yourself if you lose your device, the best step you can take is accessing “Find My iPhone” via iCloud.com and remotely erasing your device. If you can erase it over the air, there will be nothing left for hackers to extract.
As of now, it’s unknown whether Apple will be able to completely address any security holes that allow devices like Cellebrite’s to scan through private data. Even if they managed to do so, hackers and developers tend to catch up quickly, so for the time being, be extra safe about what you choose to keep on your phone. You might not like what happens if it falls into the wrong hands.