Cellebrite can’t unlock most iPhones running iOS 17.4 and later

Leaked documents reveal that Cellebrite can’t unlock iPhones running iOS 17.4 and later, at least as of the date of publication (April 2024). The company has confirmed that the documents are genuine.

Cellebrite devices, which are widely used by law enforcement agencies, can crack most Android phones, though there are exceptions …

A quick recap on Cellebrite phone-cracking kit

Cellebrite makes kit designed to break into locked smartphones to access the personal data stored on them, using a variety of techniques. The company says that it only sells to law enforcement agencies and other organizations it believes will use the equipment lawfully.

It was widely reported to have been the company that helped the FBI unlock the iPhone belonging to the San Bernardino shooter back in 2016, though a later report claimed this wasn’t true.

Cellebrite kit relies on discovering vulnerabilities discovered in iOS and Android, which Apple and Google aim to discover and fix. Others also work to defeat the phone-cracking kit, with (mostly) secure messaging app Signal scoring a big win in 2021, when it managed to booby-trap iPhones to render the kit useless.

Cellebrite can’t unlock many iPhones

Back in 2022, 9to5Mac managed to obtain user documentation revealing which iPhone models the kit could and couldn’t unlock. 404 Media has now done the same with a later document, dated April 2024.

Certainly as of that date, Cellebrite had not managed to crack iPhones running iOS 17.4 or later, which will be a very large percentage of iPhones.

Additionally, the kit cannot currently break into most iPhones running iOS 17.1 to 17.3.1, though hardware vulnerabilities in the iPhone XR and iPhone 11 mean those are exceptions. The company appears to have worked out how to access other iPhones running those versions of iOS, however, as the table says this capability is “coming soon” to other models.

The documents are titled “Cellebrite iOS Support Matrix” and “Cellebrite Android Support Matrix” respectively. An anonymous source recently sent the full PDFs to 404 Media, who said they obtained them from a Cellebrite customer […]

For all locked iPhones able to run 17.4 or newer, the Cellebrite document says “In Research,” meaning they cannot necessarily be unlocked with Cellebrite’s tools. 

We know from Apple that the majority of iPhones are using iOS 17, though the company doesn’t share breakdowns of the specific point numbers. That said, it’s a safe bet that a high percentage were uncrackable by Cellebrite as of the date of the document.

Most Android phones are vulnerable

A separate table of Android-cracking capabilities show that most of them are accessible by the kit, though the Google Pixel 6, 7, and 8 are exceptions if they were powered-down at the time they were obtained.

That’s because the cold-boot process blocks the exploit used — but they can be accessed if powered-up and locked.

The same is true of Samsung phones running Android 6, but not those running later versions — indicating that Samsung’s implementation of Android 7 managed to introduce a vulnerability which is still present all the way through to Android 14.

9to5Mac collage of images from Cellebrite and Chris Appano on Unsplash

Cellebrite can’t unlock most iPhones running iOS 17.4 and later

We will be happy to hear your thoughts

Leave a reply

PlayTechArena
Logo