Law enforcement agents in New York City have been cracking into
locked iPhones since January 2018, according to a new report.
Agencies are using a tool called Universal Forensic Extraction
Device (UFED) that’s developed by Israeli firm Cellebrite. It is
said to have cost at least $200,000 and allows a full file
system extraction.

iPhone is one of the toughest smartphones to crack into, thanks
to incredibly robust security. And Apple has faced criticism for
not making it easier for law enforcement to get into its devices.

But if you have enough cash, there are tools out there that will
extract data from a locked iOS devices. New York City has been
using one of them for almost two years now.

How NYC cracks into locked iPhones
OneZero claims it has proof that the Manhattan District
Attorney’s office has been using a UFED to gain access to
extract data from suspects’ iPhones and high-end Android devices.

The UFED Premium was announced by Cellebrite this June. It
promises to be the only “on-premise solution” for breaking into
locked handsets and extracting almost every byte of data
available.

The tool can pull messages, emails, third-party app data, and
even deleted content. But it costs a fortune, according to a
leaked contract.

OneZero says NYC was using a UFED Premium 18 months before
Cellebrite announced it publicly, for which it is paying around
$200,000 over three years for licensing, installation, and
training.

Cracking into iPhones isn’t cheap
And that’s just the start of it.

The supposed contract between Cellebrite and NYC law enforcement
also references $1 million worth of undisclosed add-ons. But
it’s not clear if any of those have been obtained by the DA.

There are also some strict rules that must be adhered to. Only
an agreed-upon number of devices can be cracked. And the process
must happen in a designated “secure room” that must not contain
any recording devices.

Apple security no match for Cellebrite
Cellebrite has been walking all over Apple’s security systems
for years. It was reported in 2016 that the company helped the
FBI obtain access to an iPhone used by a San Bernardino shooter.
Apple refused to provide a backdoor of its own.

Cellebrite makes millions of dollars selling data extraction
solutions to law enforcement agencies around the world. The FBI
alone has spent at least $2 million since 2012. It was reported
last month that Cellebrite had signed a $30 million contract
with Immigration and Customs Enforcement (ICE).

It’s not clear how many devices the Manhattan DA has gained
access to — or how many convictions UFED Premium may have led
to. The DA hasn’t even disclosed the use of Cellebrite’s tool,
and it did not respond to requests for comment from OneZero.

Cellebrite is also keeping quiet about the use of its tools. It
said: “Cellebrite company policy prohibits us from discussing
the details of our customers and clients.”

It’s not clear if iOS 13 takes any steps to block Cellebrite
tools.

https://www.cultofmac.com/657644/new-york-city-cracking-locked-
iphones-since-january-2018/

Apple security is a joke. Go to Black Hat and see for yourself.