Warning Issued For Apple's 1.4 Billion iPad And iPhone Users

[Anta Assamey]

With Apple’s (admittedly ugly) iPhone 11 now coming together quicklyand recent iOS 12 releases looking rock solid, the company has been on something of a roll. But that just changed. 

Apple's iPhone XS, iPhone XS Max and iPhone XR

 APPLE

Israeli forensics company Cellebrite has told users that it has found a way to break into any iPhone or iPad running any version of iOS - including the latest release. With Tim Cook previously stating there are 1.4BN active iOS devices around the world, that’s concerning news for every one of them.

Picked up by AppleInsider, Cellebrite reveals that it can perform a “full file system extraction on any iOS device" and this service is for sale. Moreover, Cellebrite is a company you should take seriously. Back in 2016, the FBI is widely understood to have used Cellebrite to crack the iPhone 5c belonging to shooter Syed Rizwan Farook following the 2015 San Bernardino terror attack, and the company has previously talked to Forbes about its service.

 

In its defence, Cellebrite says its tools require you to physically have possession of the iPhone or iPad you want to hack (it cannot be done remotely) and that it performs lengthy security checks to determine the entitlement of anyone who wants it to crack a device. That said, Forbes has previously reported that Cellebrite kit has sold on eBay for as little as $100, making it the dream for hackers and jealous spouses alike.

Apple's iPhone XR

 APPLE

 

In addition to this, the obvious point to make is that a backdoor to iPhones and iPads has clearly been found and - given its vulnerability across every version of iOS - it is not one Apple either knows about or knows how to prevent. With iOS 13 about to cut off support for millions of iPhones (one of which is still on sale), for many, it may be a vulnerability that never gets fixed.

Apple has long touted security as a big selling point over rivals (note: Cellebrite has previously said it can hack Android devices as well), but now the company needs to prove it by finding and shutting down this access before it - inevitably - spreads far and wide.