OS shocker: Android phones said to be harder to crack open than the Apple iPhone

OS shocker: Android phones said to be harder to crack open than the Apple iPhone
Cellebrite is the Israeli company known for its Universal Forensic Extraction Device (UFED) "cracking machine" that allows law enforcement to break into a locked smartphone. Apple has been involved in a battle with Cellebrite and its rival Grayshift. The latter's GrayKey machine is also used to extract data from a handset. Every time Apple blocks these machines from working, the companies come up with something new.

Plugged into an iPhone's Lightning port, these machines use technology that allows them to override the limit on the number of passcode attempts a user could try before the phone is automatically wiped of all data. That allows the cracking machines to use "brute force" or try every passcode combination possible to unlock a phone. Apple thought it had these machines licked when it introduced USB Restrictive Mode in iOS 11.4.1. This prevents the Lighting port from doing anything but charge an iPhone if the device hasn't been unlocked within the last hour. But both Cellebrite and Greyshift returned Apple's volley and by last June, Cellebrite said that it could "perform a full file system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction on any many high-end Android devices."

Private forensic examiner says the FBI's stated inability to crack open the Pensacola shooter's iPhones is "BS"


Earlier this month, when President Donald Trump and Attorney General William Barr attacked Apple for what they said was Apple's refusal to work with law enforcement (Apple refuted this argument a few days later), we told you about Cellebrite's amazing new technology that allows it to exploit a vulnerability called Checkm8. Thanks to this vulnerability, Cellebrite can access the A-series chipsets used by iPhone models from 2011-2017. Cellebrite's security research vice president Shahar Tal recently told clients that "For the first time ever, a wealth of previously untapped data sets from iOS devices can be leveraged to change the course of investigations. This update allows you to quickly perform a forensically sound temporary jailbreak and full file system extraction within one streamlined workflow."


A test made by the National Institute of Standards and Technology (NIST) found that both Cellebrite and Grayshift devices were able to extract nearly all of the data out of an iPhone 7, one of the two Apple handsets owned by Pensacola shooter Mohammed Saeed Alshamrani. For some reason, the FBI had asked Apple to unlock Alshamrani's iPhones which the company refused. And that led President Trump to call out Apple by tweeting, "We are helping Apple all of the time on TRADE and so many other issues, and yet they refuse to unlock phones used by killers, drug dealers, and other violent criminal elements. They will have to step up to the plate and help our great Country." But a private forensic digital forensic examiner named Jerry Grant, who is a Cellebrite customer, said, "This whole thing with the new terrorists and [the FBI] can’t get into their phones, that’s complete BS."

A new report from Vice (via Android Authority) says that Cellebrite's current UFED 4PC software can extract data from an iPhone related to GPS data, call logs, messages, and contacts from an iPhone X and older. It can partially extract data from apps like Twitter, LinkedIn, Instagram, Pinterest, and Snapchat but cannot collect email. However, as Vice points out, cloud-based email apps like Gmail can be opened by law enforcement if they have a valid warrant.

The interesting thing about the report is that it notes that the latest version of the Cellebrite software is not as successful extracting data from Android devices. The Google Pixel 2 and Samsung Galaxy S9 would not allow the software access to GPS, social media or internet browsing. Messages and call logs could not be extracted from Verizon's Ellipsis 8 tablet and the Samsung Galaxy Tab S2 slate. Ironically, for all of the moaning from conspiracy theorists about the backdoors supposedly baked inside Huawei devices, no information at all could be extracted from the Huawei Mate 20 Pro.

Even law enforcement is noticing that Android handsets are getting harder to break into. Fort Worth Detective Rex Kiser, who works for the Fort Worth Police Department handling digital forensic examinations, told Motherboard, "Some of the newer operating systems are harder to get data from than others. I think a lot of these [phone] companies are just trying to make it harder for law enforcement to get data from these phones ... under the guise of consumer privacy. Right now, we’re getting into iPhones. A year ago we couldn’t get into iPhones, but we could get into all the Androids. Now we can’t get into a lot of the Androids."

Detective Kiser says that Cellebrite is the leading tool for most devices except for the iPhone. The GrayKey machine made by Grayshift was able to extract all data off of an iPhone X except for Pinterest where a partial extraction was achieved.

FEATURED VIDEO

21 Comments

19. cevon3239

Posts: 215; Member since: Jan 01, 2020

Both Microsoft and Google have to be more secure by default, because they have the most usage. Both Windows and Android are both certified by the US Government as being safe to use over OSX and iOS. That is a fact! Apple has always taunted security through obscurity and now that iOS is just as popular as other platforms, it is now being attacked and we have seen how insecure it is. Platforms dont have backdoors. HUAWEI hardware, particularly network appliances have backdoors that exist to give OEMs ways to service hardware when it breaks. Those doors can easily be closed and are only used as failsafes. Cisco products have those same backdoors. These safety measure prevent someone from just plugging a laptop to a network and getting access. But an admin can use apps like TELNET, Putty or WinSCP to use credentials to access hardware. Those backends can be closed by simply changing the default passwords. Those backdoors are not intended for malicious use, they simply can be. Platforms dont have backdoors, that is why hackers have to find something to exploit for access. IOS versions have all been hacked by hackers finding a way in through vulnerabilities in the code, because there always are some. OSC is the only platform where running a malicious code erased the OS while it was running. Something you cant do in Windows. I'm not surprised by this, this has been a fact for years now. Its only Apple fan who lies and make false claims to make them think paying more for a products means its better.

21. sgodsell

Posts: 7676; Member since: Mar 16, 2013

To sum it up why Android is harder, is because there is a lot more different OEMs with different devices. Plus there is different versions of Android running all over. Some might be running Android 8, some on 9, and 10 versions of Android. Not to mention different security patches, with different SoCs, and different hardware sensors with different drivers. It's a jungle out there for every OEM to maintain Android.

11. lyndon420

Posts: 6941; Member since: Jul 11, 2012

I'm not shocked at all. Especially with the Huawei phone. I should have bought one when I had the chance :(

10. ssallen

Posts: 224; Member since: Oct 06, 2017

Zerodium, yet another security company, stated this LAST SEPTEMBER. PhoneArena just wanted to ignore it.

7. Elvis358

Posts: 302; Member since: Mar 25, 2018

And yet FBI can't unlock iPhone's.

9. ssallen

Posts: 224; Member since: Oct 06, 2017

They absolutely can and HAVE. FBI has already unlocked all the iPhones. They just want to make it easier.

5. shiv179

Posts: 204; Member since: Aug 08, 2012

Hahaha take that Apple! :P

2. meanestgenius

Posts: 23083; Member since: May 28, 2014

“Ironically, for all of the moaning from conspiracy theorists about the backdoors supposedly baked inside Huawei devices, no information at all could be extracted from the Huawei Mate 20 Pro.” Could this perhaps be the reason why the U.S. government is on the attack against Huawei? Because they can’t get into their phones to begin with? There has been no evidence produced by anyone to show that Huawei has backdoors, and now this information comes up. If Huawei devices have backdoors, they would have been able to exploit that to sensitive information. It seems the real reasons for the U.S. government’s witch hunt against Huawei are coming to light.

3. Dr.Phil

Posts: 2577; Member since: Feb 14, 2011

That is just Cellebrite. It doesn’t mean they couldn’t use another software company or extraction device to break into Huawei phones. And, as mentioned in the original source article, Cellebrite typically updates it’s software when it finds it can’t get into something. In fact, reading through the DHS PDFs there are other means to break into the Huawei phone that prove successful. The reason they can break into so many iPhones is because every iPhone uses the same software. So if you are able to crack into iOS 13.3 then you can potentially crack into every device containing iOS 13.3. Considering that terrorists tend to use iPhones for communication, there was a need there for the software to be developed. There aren’t that many terrorists or criminals that are using a Huawei phone (or a Huawei phone that is locked to where they can’t get in). Hence, there isn’t a push for software to be developed for it. In fact, if you look at the charts they even talk about phones like the Galaxy S3 not being able to give some information which I think we all can agree the software running on a Galaxy S3 could easily be broken into if someone were to try.

4. meanestgenius

Posts: 23083; Member since: May 28, 2014

It also doesn’t mean that another software company could do it, either. Until it actually happens, we have to go with the evidence on hand, which is so far, it couldn’t be done. However, you’re missing my point entirely. Nowhere in my comment did I say or allude to Huawei smartphones being impenetrable. My entire point revolves around the fact that so many conspiracy nut jobs are claiming that Huawei has backdoors in their smartphones. Backdoors make hacking a smartphone easier through exploiting them. The article itself even alludes to there not being any backdoors, thus making it harder to get into Huawei smartphones. All I’m saying is that this is most likely one of the reasons why the U.S. government is on a witch hunt for Huawei, especially since they can’t get inside them to place backdoors of their own.

12. TBomb

Posts: 1772; Member since: Dec 28, 2012

I'm not sure that strategy would be the smartest avenue for the US Gov to take. Why spend the absurd amount of resources (time, personnel, and money) to try and block a company around the world when you get more effectively just learn breaking into the devices? Unless you think Huawei smartphones ARE impenetrable, then just focusing on penetrating them is the smarter route to go. And call the backdoor believers conspiracy nut jobs all you want, but your comments here seem like the work of a conspiracy nut job. Personally, I don't care if someone has a Huawei phone or not. Regardless if there is a backdoor to Chinese Gov or not, it's Person-X's data/life. Take whatever level of precautions you want with it. *BUT* if company's are spying on behalf of their country's government, I would much rather have it be my own government or an allies, rather than an "enemy" or communist one. just because I don't believe I'm going to get in a car accident on my way to work every morning doesn't mean I skip putting on my seat belt.

14. meanestgenius

Posts: 23083; Member since: May 28, 2014

Focusing on this absurd witch hunt is what’s a true waste of money. They’ve yet to prove Huawei is spying for the Chinese government. Nah, it’s you and the rest of the nut jobs that sound like conspiracy nut jobs, ranting and raving about Huawei spying when no proof has been provided. I would rather NO government spy on me, especially the U.S. government. And of you think they are your ally, then I’ve got a bridge to sell you in Brooklyn, and I’ll even throw in the water underneath it for free. Just because someone keeps yelling something is true, doesn’t mean it is. Red Riding Hood, anyone?

16. TBomb

Posts: 1772; Member since: Dec 28, 2012

I didn't claim anything about backdoors in any products in my post. All I said is I'd rather not risk it - like putting my seatbelt on in a car. I also never said I wanted a government to spy on me. I said if I were to be spied on I'd rather it be my country or an ally of my country and not someone my government has tensions with. Won't dismiss your statement for this mistake but I don't think you meant Little Red Riding Hood, the moral of that story is don't trust strangers. The story of the boy who cried wolf more closely resembles someone yelling something a lot that isn't true. At the end of the day, I'm receiving a vibe from your comments that you're too invested in everything that deals with Huawei right now for me to have a differing OPINION. Keyword there is "opinion" because that's all we have... there have not been enough facts to prove/disprove any story. I'm sure we'll cross paths in the comments again.. so until then *hat tip* pce

17. meanestgenius

Posts: 23083; Member since: May 28, 2014

You were defending the backdoor believers and saying I’m the one that sounds like a conspiracy nut job as if I’m making the claim of backdoors without proof. I’m not. I demand proof to avoid making an uneducated judgment. Your obvious choice should be to not have any government spying on you at all. History has shown us that it’s your own government that will do you dirtier than soiled panties from a prostitute that’s been on the streets for 4 days straight with no rest. Yeah, I meant the boy who cried wolf, and the moral of that story is don’t lie and make up stories. They may come back to literally bite you in the @$$. Lmao your vibe is incorrect. I’m not invested in company that doesn’t know I exist aside from signing in to their services on one of their smartphones. However, the vibe I’m getting from you is that I’m a nut spouting conspiracy theories. You clearly aren’t excepting my differing point of view. I have no problem with anyone’s opinion, but if I have facts that say otherwise, or if ones opinion is lacking in facts, I’m going to point it out. I’m a guy that likes to see evidence. If no one can provide any, I have to go with the choice that the evidence (or lack of evidence) leads to. Pretty sure we will cross paths again, though. PA is a small place. Be well.

18. cevon3239

Posts: 215; Member since: Jan 01, 2020

Huawei doesnt spy for its governement. The issue is, because China is a communist government, if the Government was to tell Huawei to spy, they would have no choice but to comply. Because in a communist regime, the government can shutdown any company that doesnt comply with its demands. Huawei already stated they never would comply, which means they are willing Ron assume the risk. The Chinese could literally walk into Huawei and kill people to get compliance. But this has never been an issue. The reason the US went after Huawei is because it is Chinas version of Cisco and they wanted to use the ban as leverage to get a deal. Obama already did a deal with China that both agreed too. Trumps hate of Obama because he is a racist dog, just wants to undo everything Obama has done.

13. Dr.Phil

Posts: 2577; Member since: Feb 14, 2011

It doesn’t mean there isn’t a backdoor though. I think you’re reading into it something that it is not mentioning. If you create a software with a hidden door, just because others can’t see that door doesn’t mean it doesn’t exist. I’m not saying Huawei does or does not have a backdoor. But to read into this as if it says there is none is absolutely not true. Also, as I mentioned, software is made when there is a need. As of right now there have been no terrorists or criminals that are using Huawei phones, but when there is one I am willing to bet there will be software created to break it. Also, counterpoint here, do you really think a phone that is popular in mainland China by an oppressive communist government would not have access to Huawei phones? I don’t think the Chinese government would allow 50% of their population to own devices that they couldn’t gain access to. If you believe that, then I have a bridge to sell you as well.

15. meanestgenius

Posts: 23083; Member since: May 28, 2014

It doesn’t mean that there is a backdoors, especially since there has been no evidence to say that there is. I’m not reading into anything. Again, there has been zero proof from any government that Huawei devices have backdoors. I find it hard to believe that not one single government has been able to fond proof of one of it actually exists. Again, I’m going by EVIDENCE, of which there IS NONE. I’m not in the habit of placing blame just because I think it to be so. Software is also constantly updated. Who’s to say that Huawei smartphones won’t have updated software to prevent it? Mind you, no device is impenetrable. Um, yeah, because THERE IS NO PROOF. Again, I find it hard to believe that NOT ONE SINGLE GOVERNMENT, with all of the resources that governments have, haven’t found a single backdoor if one exists. The U.S. government is extremely oppressive to people of darker hues, and more controlling than most governments, if not all, through subterfuge or just flat out in the open. Does that mean they have backdoors in American companies tech? Oh wait....never mind. #Cisco Since even you have yet to provide proof of such, along with the governments of the world, I think I’m the one that will be selling that bridge to you. You need the water underneath as well?

20. geordie8t1

Posts: 344; Member since: Nov 16, 2015

Huawei were simply a scapegoat in the US-China trade wars, it was strange how, as the trade wars started to soften, so did the sanctions, and licences became more accessible to people to trade with huawei, The US is still aiming at Drone maker DJI as well claiming back doors in its aircraft and safety concerns, absolute nonsense tbh

1. mackan84

Posts: 716; Member since: Feb 13, 2014

For us common consumers this means little to nothing. We give these companies our interests and habits for free without any authority asking for access. So unless you’re a criminal or listed in Forbes billionaires, you’re very unlikely to be hacked by anything sophisticated. Great for android and even better for ios not being able to ride that wave anymore.

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless