Smartphones have evolved at an incredibly fast pace, so much that everything from banking to entertainment is done seamlessly on mobile devices. Given the amount of content stored on smartphones these days, security is of utmost importance - now more than ever. But loopholes in the mobile security systems make privacy merely a notion as hackers and even some legit companies creating backdoor access to what is considered the highly secure vault.
Apple boasts of security of its iOS platform, which powers 1.4 billion iPhones and iPads. Even though Apple portrays a strong stand against backdoor access to its devices and data stores on them, hackers and in some cases even governments have managed to break into Apple's walled garden.
Now, an Israeli-based forensics company, Cellbrite, has announced that its new tool can break into any password-protected iOS and Android device. As alarming as this sounds, the developer of the tool, which is called Universal Forensic Extraction Device (UFED), claims UFED can gain access to third-party app data, chat conversations, emails and even deleted content on the targeted device.
"Bypass or determine locks and perform a full file system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction on many high-end Android devices, to get much more data than what is possible through logical extractions and other conventional means," Cellbrite says.
By the looks of the tool's description, the only limitation is that it cannot work remotely and requires physical access to the device where the hack is attempted. Moreover, the official website says UFED can be used to break into Apple devices running iOS 7 to iOS 12.3, which is almost every iPhone and iPad, as well as popular devices from Motorola, Huawei, LG, Xiaomi and Samsung Galaxy phones from Galaxy S6 through Galaxy S9. The latest range of Galaxy S10 hasn't been mentioned.
This is definitely a matter of great concern for Apple as well as its customers, which rest their worries on the basis that iOS is a secured platform unlike its chief rival and open-sourced system Android. The fact that UFED can access all sorts of communications and even retrieve deleted content raises a huge red flag.
What's more worrying is the fact that Cellbrite isn't the one to be taken lightly. It is the same agency that was involved in unlocking the iPhone 5C belonging to a San Bernardino shooter when Apple could not offer any help. Apple had even refused to bend down to FBI's request to create a backdoor in iOS, a move that was highly praised by security advocates and consumers. But tools like UFED go against that very idea of putting people's privacy first.
Cellbrite, in its poor attempt in defence, says it takes misuse seriously as it has a multi-step process designed to authenticate the validity of the unlock request. But it's worth noting that a device needn't be sent to Cellbrite to unlock it. To recall, Cellbrite devices with the capability to unlock iPhones have been found on eBay for as little as $100, which questions the credibility of its verification process.