What you need to know
- A government report details its capabilities in breaking phone encryption and acquiring data.
- All iOS devices are effectively crackable.
- Popular Android devices can be cracked but only select models.
While the FBI wages a court battle against phone manufacturers, our friends at Vice have found an interesting report from the Science and Technology branch of the Department of Homeland Security that shows the government is already quite capable of cracking your phone's security. The most recent round of testing involved tools from security company Cellebrite, and many other companies offer cracking tools with similar records for success.
The good news is that the diversity of Android devices may be a saving grace in keeping the phone secure. While the government reports that nearly all iPhone models since the iPhone 4S can be broken into, the list of possible Android targets is a bit more hodge podge and shifting. At publishing time, Cellebrite claims it can get into such recent flagships as the Samsung Galaxy S10 and Galaxy Note 10, but high end devices from Huawei and Motorola are causing problems. Also the company specifically calls out "high-end" phones, so it seems the variety of software builds and the incremental update status on Android devices creates too many variables for one across-the-board solution.
"Some of the newer operating systems are harder to get data from than others. I think a lot of these ... companies are just trying to make it harder for law enforcement to get data from these phones ... Right now, we're getting into iPhones. A year ago we couldn't get into iPhones, but we could get into all the Androids. Now we can't get into a lot of the Androids." — Detective Rex Kiser, Fort Worth Police Department
As noted, the security landscape is shifting with constant updates, so the phones that are secure today may be vulnerable tomorrow, or could be already vulnerable in ways that have not been made public. Even on phones that were unlockable, not all of the data was available and reliable, and the NIST reports some partial failures. The governemnt also did not detail attempts to break into the stream of an end-to-end encrypted conversation on a messaging app like WhatsApp, only the ability to gain access to the phone's storage.