Scottish Police to Unlock Smartphones Using Cellebrite Cyber Kiosks
While Apple and the FBI are once again at odds over unlocking a criminal’s iPhone—a task law enforcement has struggled to accomplish—Scottish police are not facing such difficulties. It has been announced that Scotland’s police force is officially adopting Cellebrite’s technology and will soon install 41 specialized “cyber kiosks” in police stations across the country. The rollout of these terminals is set to begin today, January 20, and is expected to be completed by the end of May 2020.
Cellebrite, an Israeli company, is an independent cyber forensics firm specializing in extracting data from mobile devices. A few years ago, Cellebrite was considered a leading candidate to assist the FBI in unlocking a terrorist’s iPhone. Although the FBI ultimately used other experts, Cellebrite’s candidacy was well-founded, as the company has long collaborated with American law enforcement, who pay Cellebrite millions of dollars for their services.
There are at least two similar solutions on the market—Cellebrite and GrayShift—both claiming their tools can bypass lock codes and extract data from any iPhone model running the latest or older versions of iOS.
How the Cyber Kiosks Will Be Used
Scottish police will soon use Cellebrite’s solutions on a regular basis. Computers worth a total of £370,000 will be used to access data from locked iOS and Android phones during criminal investigations. Selected officers will be able to use the cyber kiosks, when appropriate, to examine confiscated devices and determine whether the data is relevant to specific investigations and if the devices need to be sent to a lab for further data extraction. No copies of the data will be stored on the kiosks themselves.
How Smartphone Unlocking Works
The process of unlocking smartphones varies depending on the combination of hardware, operating system, and its version. It’s essentially an arms race—Apple and Google regularly patch vulnerabilities used in such attacks. Cellebrite claims that, in some cases, its equipment copies its own bootloader into the device’s RAM and runs it to bypass security mechanisms. In other cases, such as with Android devices, Cellebrite’s solutions attempt to gain root access. The equipment can also exploit firmware vulnerabilities, including on iOS devices, to fully extract data.