Israel-based Cellebrite reportedly privately announced the capability to subvert the security of iOS 11 enabled devices including the latest iPhone, iPad, iPad mini, iPad Pro and iPod touch.
While the company hasn't made a public announcement concerning its capabilities, anonymous sources told Forbes that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics firms across the globe.
A separate source in the police forensics community told the publication Cellebrite told him the company could unlock an iPhone 8 and that he believed the same was possible for the most recent iPhone X.
Apple has yet to address the claims but the tech firm recently released iOS 11.2 to address several serious vulnerabilities that were spotted by Google Project Zero. Despite the updates, it appears the exploits may have already been used on an iPhone X in a federal investigation involving an arms trafficking case, the publication said citing a warrant.
A suspect's device was sent to a Cellebrite specialist at the DHS Homeland Security Investigations Grand Rapids labs and the data extracted on December 5, 2017.
Rod Soto, director of security research at JASK told SC Media history has taught us that keeping zero days in the name of security or for law enforcement is dangerous.
“In addition to this potentially impacting civil rights and due process, it also relies heavily on the ability of Cellebrite (and similar firms) to keep the code out of the hands of malicious actors,” Soto said. “It's difficult to do this, as evidenced by the leaks of NSA exploitation code.”
He went on to say that once threat actors gain access to these tool, they can implement aggressive mass exploitations that have the potential to cause extensive losses and, in some cases, put the general population's well-being at risk.