Submitted by Micah Smith on Thu, 03/08/2018 - 10:23
Tracking and Cracking Phones.
Tracking and Cracking Phones.

In the fight for improved and constantly advancing security, it seems that bright minds are responding to the challenge.  

The upsurge in technology is making it harder for hackers to penetrate either our desktop computers or our pocket computers (our smart phones). Most of the time, we view this as a big 'thumbs up' for cyber security, as it means that the data we try to keep private and reserved for our own use, isn’t in the hands of anyone who would want to control us, be that the criminals, the government or anyone else.

We value our phone privacy like we value our other basic individual rights, yet sometimes this personal security runs in real-time conflict with our national security, best illustrated by the San Bernadino encryption battle between Apple and the FBI.

[Cyberhub Summit Coming to Austin, Tx | May 3, 2018 - Cyber Security education for executives and business owners, Exclusive Dinner and Powerful Networking. | Get the latest from Cyberhub Summit by signing up for their newsletters. ]

Two years ago, Apple refused to give the FBI access to the locked phone of the shooter, this led to the FBI eventually paying a large sum to a third party to crack the phone.  Fast forward two years, and it seems the FBI could have saved themselves over a million dollars.

An Israeli- based firm, Cellebrite, a mobile forensics firm has uncovered a way to basically unlock any iPhone, including the super secure iPhone X. Cellebrite has been providing cyber forensic software since the turn of the century, to their clients and one of its main products, the UFED, or Universal Forensic Extraction Device assists investigators in drawing out data and passwords from cell phones.

Sorry Apple phone crackers, you may have just lost your leverage.

Cellebrite claims they can crack Apple iPhones, iPads, iPad minis, iPad Pros and iPod touch from the earlier iOS 5 all the way to iOS 11 by disabling the PIN, screen locks or passcodes. They also boast to be able to do the same for the major Android phones: Samsung, Alcatel, Google Nexus, Motorola, and lots more.

This has recently been matched by a different security breach revelation also affecting cell phones, namely through fitness apps. Whilst the Apple-FBI struggle shows the glaring problem present in Apples legal rights to remain loyal to their clients' privacy, the Fitness App fiasco shows how unwittingly we can compromise our own phone privacy.

 Nathan Ruser, a university student from Australia, tweeted that by monitoring usage on a fitness app he saw that w the secret location of military sites in the Middle East were accessible to view, by anyone who thought it worthwhile to look at. The Apps global heat map, gave away bases and movement (workouts) of military personnel. Strava's (the app) map lights up with their users' worldwide locations, which in this case were soldiers on base, using the exercise app.

This twitter revelation created panic in the Pentagon and they are still deciding how to handle the incident.  Possibly their first step should be to get everyone to delete the app, although we are assuming this has already been done.

Both these situations illustrate the growing mobile complexities between privacy and security. It's a brave new world where terrorists have access to the same smart phone technology as us.

We must start to successfully integrate that into every operating system that is currently in design. US Homeland Security has already cottoned onto this reality and has recently been working hand in hand with global specialists with hacking credentials to gain access to smart phones in arms trafficking cases.

So, whilst phone suppliers are advising their user to keep devices up -to-date to keep one pace ahead of companies like Cellebrite, a certain part of us hopes that terrorists' groups ignored those Google and Apple Pop-up reminders.