Israel-based mobile forensics company Cellebrite is unable to unlock iPhones running iOS 17.4 or later, according to leaked documents verified by 404 Media. The documents provide a rare glimpse into the capabilities of the company’s mobile forensics tools and highlight the ongoing security improvements in Apple’s latest devices.
The leaked “Cellebrite iOS Support Matrix” obtained by 404 Media reveals that for all locked iPhones capable of running iOS 17.4 or newer, Cellebrite’s status is listed as “In Research,” indicating they cannot reliably unlock these devices with their current tools. This limitation likely extends to a significant portion of modern iPhones, as Apple’s own data from June shows that 77% of all iPhones and 87% of iPhones introduced in the last four years are running some version of iOS 17.
Interestingly, the documents indicate that Cellebrite recently added support for the iPhone XR and iPhone 11 series running iOS 17.1 to 17.3.1. However, for iPhone 12 and newer models running these same iOS versions, the status is listed as “Coming soon,” suggesting Cellebrite’s continuing attempts to keep pace with Apple’s security advancements.
Another document shows that Cellebrite can break into most Android devices, but not all of them. Cellebrite cannot, for example, brute force a turned-off Google Pixel 6, 7, or 8 to get the users’ data.
The revelation comes despite Cellebrite’s marketing claims that their Premium service, which offers additional capabilities, can obtain passcodes for “nearly all of today’s mobile devices, including the latest iOS and Android versions.”
Cellebrite’s Universal Forensic Extraction Device (UFED) is widely used by law enforcement agencies worldwide for extracting data from mobile phones. Cellebrite first garnered significant attention in 2016, when it was believed the company was enlisted to help the FBI break into the iPhone 5c of San Bernardino shooter Syed Farook after Apple refused to provide the FBI with tools to unlock the device.
The FBI did not use Cellebrite’s services for that particular case, but several US government agencies do regularly work with Cellebrite to unlock iOS devices.
Apple continually introduces improvements to the security of its operating systems in order to keep ahead of companies like Cellebrite that are always searching for flaws and vulnerabilities to exploit in order to access the data on locked iOS devices.
For example, in October 2018 Apple’s successfully thwarted the “GrayKey” iPhone passcode hack, sold by Atlanta-based company Grayshift, which had also been in use by U.S. law enforcement.