Security experts warn: All smartphones are not secure

Accordingly, recent discoveries of Cellebrite Premium software, a powerful forensic tool designed to extract and analyze data from smartphones, have clearly demonstrated that modern devices, seemingly safe, can be easily exploited.

The software has been widely used by law enforcement agencies and security organizations to collect information from locked or encrypted smartphones.

The tool came to the fore after the FBI used it to hack the phone of a suspect who attempted to assassinate Donald Trump, completing the process in just 40 minutes.

This event not only highlights Cellebrite's superior capabilities, but also raises concerns about the true security of devices that we still consider "unhackable".

Recently, a report from Amnesty International criticized the Serbian government for using this product to illegally hack into the personal mobile phones of the organization's journalists and activists.

These are just a few examples of how easily mobile devices can be exploited. Group-IB raises urgent questions about transparency and user safety.

"Recent findings show that smartphone manufacturers often downplay or hide security vulnerabilities. This exposes both individuals and businesses to risks such as data breaches, identity theft and corporate espionage," Group-IB said in a report.

Advanced forensic tools have revealed the disturbing fact that most modern smartphones are at risk of having their data extracted just after being unlocked for the first time.

“Not only are older devices vulnerable, but even the latest smartphone models are not immune,” the Group-IB report stressed. “Unfortunately, every user of a modern smartphone running Apple iOS or Google Android is at risk of being compromised.”

What can phone unlocking tools do?

Cellebrite's newly added features can jailbreak iPhones, applicable to devices running iOS versions 12.5 to 17.2.1. This allows access to locked devices without knowing the password.

Additionally, the update also expands support for jailbreaking the Samsung Galaxy S24 series, including models using Qualcomm and Exynos processors, allowing the tool to extract data from more high-end Android devices.

Notably, the tool even jailbreaks new smartphone models, including the Pixel 8 series and the iPhone 15 series. The vendor specifies that the latest smartphones are vulnerable after the first unlock.

Another mobile phone unlocking and data retrieval tool, GrayKey, can also partially access any iPhone running iOS 18 or earlier. However, according to Group-IB, the tool struggles when faced with the latest iOS updates.

Notably, GrayKey has shown that all Google Pixel devices are vulnerable to attack immediately after the first unlock, creating a serious security hole for users.

“Older devices, such as the iPhone X and earlier devices, have very large vulnerabilities and can be easily exploited,” Group-IB researchers said.

Despite advanced encryption technologies, modern devices are still vulnerable to attack. In fact, even the latest devices are vulnerable to attack, especially when in After First Unlock (AFU) mode.

Even the most secure smartphones can be exploited when stolen or lost, researchers warn.

How can users protect themselves?

Cellebrite and other tools have the potential to expose smartphone users to a variety of risks, including data breaches, identity theft, evidence tampering, or even corporate espionage.

Group-IB recommends that iOS users enable lock mode as it limits the ability to exploit and upgrade smartphone hardware as often as possible.

Android users should opt for secure phones like the Google Pixel 8 and newer devices, especially those with security features built into new processors to protect personal data from security threats.

Group-IB recommends: "Experienced users may consider using a custom OS to switch from after first unlock (AFU) to before first unlock (BFU), while also ensuring the bootloader is locked for added security."

Manufacturers should enhance hardware security by allowing the smartphone's connection ports to be completely disabled when the device is in lock mode (allowing charging only), thereby protecting the port's hardware and interrupting all data transmission, ensuring the device's safety from intrusion threats.

Additionally, manufacturers should learn from Apple by implementing a feature that switches smartphones to pre-unlock mode after a shorter period of inactivity, which enhances security and prevents potential risks.

"It is necessary to strengthen bootloader security by detecting and fixing vulnerabilities and ensuring that these are reported promptly. Some older smartphone models can be attacked using password brute force to crack passwords, so implementing the minimum password length recommendation is important to prevent this risk," Group-IB stressed.

Finally, users need to upgrade their biometric security systems and anti-theft mechanisms, ensuring they can provide a stronger level of protection.