Security firm Cellebrite made headlines earlier this year when its services were employed by the FBI to help break into the phone of the San Bernardino shooter. Cellebrite recently invited a bunch of UK press to an event to show off what it's capable of.
Equipped with an outdated smartphone, BBC reporter Rory Cellan-Jones went off for a half an hour, password-protected the device, and took pictures -- basically using the phone normally. You can see where this is going. Despite the password, Cellebrite plugged the phone into a bulky tablet, and after a few taps, the phone's security was disabled. From that point on, the phone was completely accessible, so any photos that the journalist would have taken could be easily retrieved.
Image Source: BBC
It's easy to discredit this kind of test given the fact that Cellebrite was so selective about the phones it handed out - especially since they were running a very old version of Android (4.2) -- and we're sure that was done for a reason. It's likely that modern phones simply don't suffer the kinds of flaws that the company is easily able to break into. Even the San Bernedino shooter's phone was running an older version of iOS. So what's this really tell us?
It tells us that if you're running an outdated phone, you really shouldn't feel that secure. Even if you're running a more modern one, you still shouldn't rest too easy. We're hearing about new flaws all of the time, and there's no telling what the next one will be. Android 4.2 is about four-years-old, and many Android flaws have been discovered and patched since then. If these old devices could be patched up today, chances are good that most of these hacks Cellebrite currently uses would no longer work.
That said, Cellebrite does claim that it can even retrieve data from Apple's newest phone, the iPhone 7. We're just not sure what data.