Credit / Source: https://old.reddit.com/r/privacy/comments/kkxcct/an_investigation_of_how_the_government_accesses/
With the recent news around the ACLU suing the United States government and the lack of transparency on the decryption/breaking into iPhones, I thought I would do a little investigation for myself.
First, we have Cellebrite. For those that don’t know, Cellebrite^(1) is a digital forensics and intelligence company based in Israel. Their products are mostly sold to law enforcement and military organisations across the world, but anyone with the right amount of cash could purchase the tool for themselves. Over the past few years they’ve been in the news for the innovative breakthrough of “defeating” various products’ security features, allowing governments and private companies to access data related to mobile devices and computers.
I began my investigation by creating a free account on their site - yes, you don’t even need to own one of their products to access their knowledge base. It was pretty ironic that an intelligence company openly lists their capabilities by the use of a free account that anyone could create. But, putting that fact aside, I began searching for a few articles in the knowledge base related to the iPhone. A side note, however, is that since these pages were not accessible without a login, I had to create a web archive locally. If you want to view the data for yourself, then you can create an account and access it.
Of the articles I found, only a few were relevant to the investigation:
- “Can Premium BruteForce a Disabled iPhone?”^(2)
- In this article, Cellebrite states that “no, Premium cannot BruteForce (BF) a disabled iOS device,” and that “the disabled iOS device must first be undisabled on Premium before BF is run on it.” Here we learn that Cellebrite has the ability to undisable a previously disabled iOS device, allowing it to run a brute force attack on it. So, the act of disabling your device through a succession of incorrect passcodes does not provide any tangible security from an organisation with one of Cellebrite’s products.
- “Can the Data from Deleted Applications on iPhone be Parsed?”^(3)
- Cellebrite states that “there is no way to get the data from uninstalled applications on iPhone.” Continuing, they state that it is not a limitation of their product, but a technical limitation from iOS. When an application is deleted, its data is irrecoverable because the encryption key that protects that data is also deleted. So, the deletion of an application on iOS prevents the data from being recovered. However, diagnostic logs and download logs from the App Store will still show that an application was downloaded and used; they just won’t show what the application data was.
- “Can UFED extract data from an iPhone where the user has used the remote feature to wipe data and restore to factory settings?”^(4)
- Similarly to the answer above, once a device is erased remotely or physically, data cannot be recovered from the device. Their infamous UFED/Physical Analyzer cannot “recover deleted information in the unallocated space, since the keys for decryption are no longer available.”
- “Full File System (Checkm8) Extraction Failed on Locked iPhone 8, 8+ and X”^(5)
- A full file system extraction using the Checkm8 exploit is only possible when an iOS device is unlocked, so on a locked device it will fail. Their solution to the issue was to suggest “disabling passcode lock on the device,” which is only possible when the passcode for the device is known.
- “Is it Possible to Try an Unlimited Number of PINs to Unlock an iOS Device Without the Risk of Erasing it?”^(6)
- Apparently, if an individual or organisation “attempt[s] to make a few Emergency Calls, this may give [them] the option to try an unlimited number of PINs.” Cellebrite does not mention alphanumerical passwords in this article, but I assume that this method will also work with them if it hasn’t already been patched.
Secondly, we have GrayKey by GrayShift. GrayShift is a company based in the United States, and similarly to Cellebrite, they specialise in intelligence and mobile forensics. Now, the exact details weren’t as easily accessible as Cellebrite’s knowledge base, but I found a website^(7) that has details relating to the product.
This figure^(8) lists a few features that the GrayKey offers: extracting data from a locked or unlocked iOS device, extracting said data before the passcode is known, support for BFU (Before First Unlock) and AFU (After First Unlock) devices, and additional features only accessible under an NDA. Not surprisingly, the GrayKey allows for multiple forms of brute forcing (i.e. four-digit PIN, six-digit PIN, and custom-length alphanumeric passwords) - see limitations of the GrayKey in the next paragraph and implications later in the post. So, knowing these capabilities so far, what can be extracted from an iPhone? Well, it depends on whether the adversary knows the passcode/password. If the password is unknown, then there are two types of extractions they can do on the device: BFU Partial and AFU Partial. BFU Partial allows a "limited instant extraction prior to passcode discovery," while AFU Partial allows a "95% instant extraction prior to passcode discovery." On the other hand, if the password is known, then the adversary could perform a complete iOS file system extraction. However, with both unknown and known passwords, the GrayKey is able to extract "[iOS'] process memory and decrypted keychain."
So, at this point we need to ask ourselves: how long does it take to brute force a passcode, and what are the limitations of the product? Well, not surprisingly, the shortest passcode (the four-digit passcode) takes the shortest time to crack, at an average of 6.5 minutes. Next, a six-digit passcode takes an average of 11.1 hours (100 times longer than the four-digit passcode). Finally, a ten-digit passcode takes "an average of 4629 days" (10,000 times longer than the six-digit passcode). But, that is where it stops. According to Matthew Green, the GrayKey does not allow brute forcing more than a ten-digit passcode, but this is only speculation; the product does not mention whether or not it continues attempting to unlock a longer passcode, so it is best to assume that it does.
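The 100x and 10,000x jumps above are just the keyspace growing by a factor of ten per digit at a fixed guess rate. The following Swift snippet is an added example (not code from the post, GrayShift, or Cellebrite) that models exactly that: it derives a guess rate from the post's "6.5 minutes on average for four digits" figure and then applies it to longer numeric and alphanumeric passcodes. The constant guess rate, the assumption that it holds for alphanumeric passcodes, and the 62-character alphabet are assumptions of this example, not figures from the product.

```swift
import Foundation

// Average time to hit the right passcode: on average half the keyspace has to be
// tried, and each guess costs 1 / guessesPerSecond.
func expectedSeconds(alphabetSize: Int, length: Int, guessesPerSecond: Double) -> Double {
    let keyspace = pow(Double(alphabetSize), Double(length))
    return keyspace / 2.0 / guessesPerSecond
}

// Guess rate implied by the post's figure for a four-digit PIN (assumption:
// "average 6.5 minutes" means half of the 10,000 PINs tried in 390 seconds).
// Works out to roughly 12.8 guesses per second.
let impliedRate = (pow(10.0, 4.0) / 2.0) / (6.5 * 60.0)

// Human-readable duration for the table below.
func describe(_ seconds: Double) -> String {
    let year = 86400.0 * 365.25
    switch seconds {
    case ..<3600.0:  return String(format: "%.1f minutes", seconds / 60.0)
    case ..<86400.0: return String(format: "%.1f hours", seconds / 3600.0)
    case ..<year:    return String(format: "%.0f days", seconds / 86400.0)
    default:         return String(format: "%.2e years", seconds / year)
    }
}

// Constructed cases: the post's three numeric lengths plus two alphanumeric
// passcodes (digits + upper + lower case = 62 symbols, an assumption).
let cases: [(label: String, alphabet: Int, length: Int)] = [
    ("4 digits", 10, 4),
    ("6 digits", 10, 6),
    ("10 digits", 10, 10),
    ("8 alphanumeric", 62, 8),
    ("12 alphanumeric", 62, 12),
]

for c in cases {
    let t = expectedSeconds(alphabetSize: c.alphabet, length: c.length,
                            guessesPerSecond: impliedRate)
    print("\(c.label): \(describe(t))")
}
```

Run as a script, the model reproduces the post's ratios exactly (six digits is 100x four digits, ten digits is 10,000x six digits), lands within a few percent of the quoted absolute figures (about 10.8 hours and 4500 days), and shows why the alphanumeric recommendation at the end of the post matters: even eight mixed-case alphanumeric characters push the average into hundreds of thousands of years at this rate, and the numbers only get worse for the attacker with every extra character.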
A quick recap of the abilities of the GrayKey: it does not have any limit on the number of attempts it can use to try and unlock the device, it can extract data before and after the first unlock (with "first unlock" being the first unlock after the device is turned on), disabled devices can be unlocked, and it is a secretive product.
Thirdly, I came across another website^(9) that has a much more in-depth explanation of the types of extractions. I'll try to keep this section as concise as possible, while still retaining as much information as I feel is useful. There are three types of extractions that can be achieved on a device: logical, file system, and physical^(10 and 11).
- Logical extractions are the least invasive, with the ability to extract only SMS, contacts, call logs, media (i.e. photos and videos), and application data. This type of extraction is primarily acquired through iTunes backups and device APIs, but is typically restricted by API and/or permissions. It is difficult to perform a logical extraction if the device is locked "since there are two separate prompts to deal with". Continuing, "[o]ne activates pairing mode with the computer and allows for an iTunes backup and one allows for media transfer if the standard iTunes provided driver cannot be found and it defaults back to MTP (Media Transfer Protocol) mode. If the device has a valid pairing record on the PC where the extraction is occurring, then a logical (iTunes style backup) can be obtained from a locked iPhone. Without that unfortunately it cannot be obtained."
- File system extractions are in the middle, with the ability to extract everything logical extractions can plus files and hidden files. This type of extraction is primarily acquired through privileged access to a device (i.e. a jailbreak), and it shows all files and folders, but does not show any deleted and/or unallocated parts of the device. This is typically limited, not restricted, by the API, and has more permissions than a logical extraction.
- Physical extractions are the most invasive, with the ability to extract everything from the previous extraction types plus deleted data (i.e. photos and videos). It does this by obtaining a bit-for-bit copy of the device. "It usually requires specific cabling, and involves booting the phone into a custom OS, or recovery." But, as stated above, since the encryption keys are deleted when an application is deleted in iOS, that application's data is irrecoverable. Also, "with encryption enabled on the full disk, at the block-level, entire physical reading becomes unusable unless an examiner can retrieve a device's encryption key." Finally, "for the latest model[s] the only available option is jailbreaking and even this won’t help you to physically acquire devices with Secure Enclave".
For more information on the technical side of phone extractions check out the PDF titled "A technical look at Phone Extraction."^(12)
But, even with all of this information, how do law enforcement agencies and other organisations continue to break into an iPhone? Well, the device can be in either AFU or BFU mode. According to Matthew Green, a professor at the Johns Hopkins Information Security Institute, "law enforcement agencies no longer need to break the strongest encryption on an iPhone because not all types of user data are protected by it."^(13) Modern iPhones are protected with different sets of cryptographic keys derived from the Secure Enclave and a user's passcode/password. Once the device is powered up and your passcode is entered, the device transitions to the AFU state, loading the cryptographic keys into memory. However, once the device is locked or sleeps, "only one set of cryptographic keys gets purged from memory," and "[this] set stays gone until a user unlocks their iPhone again." The key sets that have not been purged can therefore still decrypt the data of apps that do not rely on the purged set. According to Apple, the "special protection" key - the one that is purged when a device goes into the locked state - only protects "the Mail app database (including attachments), managed books, Safari bookmarks, app launch images, and location data."^(14) Data that remains vulnerable includes "Calendar (excluding attachments), Contacts, Reminders, Notes, Messages, and Photos," meaning that this data could be extracted if a device is in the AFU state. Applications have the ability to use the "special protection" key to protect their data, but it's opt-in, meaning that not every app does it. Green continues by stating that "this answers the great mystery of 'how are police breaking Apple’s encryption in 2020'. The answer is they probably aren’t. They’re seizing unlocked phones and using jailbreaks to dump the filesystem, most of which can be accessed easily since keys are in memory."^(15)
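The "opt-in" part is what an app developer actually controls. The snippet below is an added example (not code from the post or from Apple) showing, with the standard Foundation API, how an iOS app stores a file under the class whose key is purged on lock (Apple calls it complete protection, `NSFileProtectionComplete`), how it checks which class a file really ended up with, and how it audits a directory for files that fell back to a weaker class. The `ProtectedStore` type, its method names, and the `notes.db` path are assumptions of this example.

```swift
import Foundation

// Hypothetical helper type for an iOS app; the names are this example's own.
enum ProtectedStore {

    // Write a file so that it is readable only while the device is unlocked.
    // .completeFileProtection wraps the per-file key with the class key that
    // the post describes as purged from memory when the device locks, so an
    // AFU extraction cannot read the file without the passcode.
    static func writeComplete(_ data: Data, to url: URL) throws {
        try data.write(to: url, options: [.atomic, .completeFileProtection])
    }

    // Report the protection class actually applied to a file. The default for
    // third-party app files is .completeUntilFirstUserAuthentication, whose
    // key stays in memory after the first unlock, which is exactly the AFU case.
    static func protectionClass(of url: URL) throws -> FileProtectionType? {
        let attrs = try FileManager.default.attributesOfItem(atPath: url.path)
        return attrs[.protectionKey] as? FileProtectionType
    }

    // Upgrade an existing file (for example one created before the app opted
    // in) to complete protection in place.
    static func upgradeToComplete(_ url: URL) throws {
        try FileManager.default.setAttributes(
            [.protectionKey: FileProtectionType.complete],
            ofItemAtPath: url.path)
    }

    // Audit: return every regular file under `dir` that is not under complete
    // protection, so a test suite can fail if sensitive data leaks into a
    // weaker class.
    static func filesNotFullyProtected(in dir: URL) throws -> [URL] {
        var weak: [URL] = []
        let fm = FileManager.default
        guard let walker = fm.enumerator(at: dir, includingPropertiesForKeys: nil) else {
            return weak
        }
        for case let file as URL in walker {
            var isDir: ObjCBool = false
            if fm.fileExists(atPath: file.path, isDirectory: &isDir), isDir.boolValue {
                continue
            }
            if try protectionClass(of: file) != .complete {
                weak.append(file)
            }
        }
        return weak
    }
}

// Usage from inside an iOS app (the file name is a constructed example):
// let docs = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask)[0]
// let url = docs.appendingPathComponent("notes.db")
// try ProtectedStore.writeComplete(Data("private note".utf8), to: url)
// assert(try ProtectedStore.protectionClass(of: url) == .complete)
// let leaks = try ProtectedStore.filesNotFullyProtected(in: docs)   // expect []
```

The trade-off is the one the post raises in the next paragraph: a file under complete protection cannot be opened while the device is locked, so code that must run in the background (a sync task, a notification handler) has to either tolerate the failed read or keep that particular data under `.completeUnlessOpen` or `.completeUntilFirstUserAuthentication`. The audit function makes that choice explicit and reviewable rather than an accidental default.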
But, why? Why would Apple openly allow these cryptographic keys to stay in memory when a device is locked? It's simple, actually. Your device needs these keys so that it can fetch background updates, display notifications and location-based reminders, and more. Green and his team also speculate that Apple does this to provide governmental agencies with enough access that they won't force Apple to build a backdoor, but not so much that individuals would frown upon Apple's practices. You can read more in their research paper, which includes the problems and proposed solutions of data security on mobile devices^(16).
Yet, here we are. Now that you've made it here, what are the takeaways? What will make you more secure against device extractions? Note that this is not to protect you from crimes - don't do it to begin with - it is only to explain what could be used to secure your device. Also, do not ever remotely wipe your device, as that is destroying evidence and is heavily punished in the United States. Consult your lawyer before taking this advice to heart, as I am not responsible for any trouble you get in.
- Use a long, alphanumeric password; this helps to prevent access to data on a device via brute forcing.
- Turn off your device if you do not want someone accessing the device's contents; this purges all cryptographic keys, which will prevent the extraction of data that is not protected by the "special protection" key.
- Don't have a false sense of security, as there will always be vulnerabilities that neither Apple nor the public knows about, which could compromise the security of the device.
So, how do you protect yourself? Let me know down below what you thought of this article, as it's my first meaningful contribution to this subreddit. :)
^(2-6) Create an account and view the information using the article titles provided; I cannot use archive websites to create a backup of this content. If it does get taken down, however, I have a local archive which can be used for verification.
^(10) https://archive.fo/1hFTm
^(11) https://archive.fo/jKQ1u
^(12) https://archive.fo/o4Spu
^(13) https://archive.fo/LZFbE
^(14) https://archive.fo/wVqGR
^(15) https://archive.fo/BxhBC
^(16) https://archive.fo/E6tvG