Recent revelations about Cellebrite software – a forensic tool used to extract data from smartphones – are an example of how easily devices can be exploited. The Singapore-headquartered cybersecurity firm Group-IB has warned that every smartphone user is at risk, whether they’re using Apple iOS or Google Android.
Cellebrite Premium, a tool used by law enforcement agencies to extract data from locked smartphones, has been under the spotlight since February 2024. The FBI previously used it to crack the Donald Trump shooter’s phone in 40 minutes.
This week, an Amnesty International report unveiled how the Serbian authorities used this product, developed by an Israeli company, to illegally break into the devices of journalists and activists.
These are just a few examples that illustrate how easily devices can be exploited. Group-IB raises an urgent question about transparency and user safety.
“Recent findings suggest that smartphone manufacturers frequently downplay or conceal security vulnerabilities. This leaves both individuals and businesses exposed to risks such as data breaches, identity theft, and corporate espionage,” the firm claims in a report.
Sensitive forensic tools show that virtually all modern smartphones are vulnerable to data extraction after their first unlock.
“While older devices are particularly susceptible, even the latest models are far from immune. Unfortunately, all users of modern smartphones running Apple iOS and Google Android are at risk,” Group-IB’s report reads.
What are phone unlocking and forensic tools capable of?
Forensic tool developers themselves list the features their tools are capable of.
The changelogs for Cellebrite detail the added capabilities to brute-force locked iPhones running iOS versions 12.5-17.2.1, and the support for Samsung Galaxy S24 series, including both Qualcomm and Exynos models.
Previously leaked support matrices covered even new smartphone models, including the Pixel 8 series and iPhone 15 series. The vendor specified that the newest smartphones are vulnerable after the first unlock.
Apple recently responded and introduced a new iOS security feature that reboots the iPhone after 72 hours of inactivity.
Another phone unlocking and forensics tool, GrayKey, claims it can partially access every iPhone running iOS 18 or older. However, according to Group-IB, it struggles with the latest iOS updates. The tool lists all Google Pixel devices as vulnerable after the first unlock.
“Older devices, such as the iPhone X and those preceding it, are wide open and can be easily exploited,” the Group-IB researchers said.
“Despite advanced encryption, modern devices are not immune – in fact, current devices remain vulnerable, especially in AFU (after first unlock) mode.”
Other unauthorized parties are increasingly using jailbreaking and file-swapping tools to exploit stolen or lost smartphones. These tools allow attackers to access system files and replace them with manipulated data.
Another method of bypassing the activation lock involves unauthorized parties using fake responses, seemingly from Apple servers, or swapping backup files to bypass features like “Find My iPhone” and “Activation Lock.”
“Even the most secure smartphones can be exploited when stolen or lost,” the researchers warn.
Many attacks target vulnerabilities in bootloaders or USB ports during active use.
Group-IB shared a price list for unlocking various Apple devices in the underground market.
“These bypasses are often temporary, lasting only until a firmware reset or update. However, they provide enough time for attackers to resell stolen devices as fully functioning smartphones,” the researchers said.
While smartphones can be easily compromised, researchers also raise another question – can the devices be trusted as evidence if data integrity can no longer be guaranteed? The information can be easily planted or altered.
How can you protect yourself?
Cellebrite and other tools potentially leave smartphone users exposed to risks, including data breaches, identity theft, evidence tampering, or even corporate espionage.
Group-IB recommends that iOS users activate Lockdown Mode, as it limits exploitability, and upgrade their smartphone hardware as often as upgrades are available.
Android users should use secure models like the Google Pixel 8 and newer smartphones with activated MTE (Memory Tagging Extension).
“Experienced users could consider a custom OS that converts AFU to BFU (before first unlock) and remember to lock the bootloader,” Group-IB said.
“Use Huawei smartphones with HarmonyOS for the Chinese market.”
Manufacturers should enhance hardware security by enabling a complete disconnection of the smartphone port in locked (charging only) mode, which protects the port hardware and interrupts any data transfer.
Group-IB also recommends following Apple’s example by introducing the ability to switch the smartphone to BFU (before first unlock) mode after even shorter periods of inactivity.
“Strengthen bootloaders: Identify and fix vulnerability problems in bootloaders and ensure that these vulnerabilities are reported. Some older smartphones can be compromised by brute-force hacking the password (hence the recommendation for a minimum password length),” Group-IB noted.
Improvements are also needed in biometric security and anti-theft systems, which currently allow temporary bypasses.