A few hours ago, the news broke that the Spanish government has purchased 15 Cellebrite UFED Touch 2 analyzers. With that long name it may not attract attention, but in short, they are devices that allow extract information from certain iPhone models. A tool that will now be part of the fleet of the Directorate General of the Police of Immigration and Borders (CGEF).
Extract information, but only under certain circumstances
For those who do not know, Cellebrite is an Israeli company specializing in the sale of tools to access information on electronic devices. The idea behind these expensive gadgets, at more than 10,000 euros per device, is to be able to extract information from cell phones, even if they are blocked.
The exact specifications of the accessible information and device models are not entirely clear, even on the manufacturer’s website. In Cellebrite, they state that the government-bought UFED Touch 2 provides access to information for 85% of iPhones currently on the market, while the newer iPhone 12s are not mentioned among the possible targets of their. technology.
The cat-and-mouse game is the best analogy for understanding the world of data security. Security vulnerabilities are continually discovered that can be used to access information, and these vulnerabilities are continually closed and protections enhanced to prevent such access.
A few months ago, news broke that Telegram officials had the opportunity to take a close look at one of Cellebrite’s tools. Due to the low security of these devices, Telegram was able to design a system to randomly modify all the data already collected or to be collected on one of these devices without even being able to know if it had been modified. Faced with this situation, Cellebrite had to announce that it would stop offering information mining from iPhones until they could guarantee reliability.
An extraction with a few asterisks.
In the end, it is, as we said, a standoff between the need to protect the increasingly abundant information on our iPhone and to be able to extract some of this information in certain situations. We don’t know what security details iOS 15 will include when it’s released to the public in a few weeks, or what security holes Cellebrite might have up its sleeve to continue accessing information.
What we do know is that security experts are increasingly tasked with properly reporting to companies, like Apple in this case, security vulnerabilities they discover so that they can be quickly addressed. We also know that companies like Cellebrite are relying on precisely these unreported security holes to deliver tools like the ones the government has purchased. As we said before: a game of cat and mouse.