U.S. public schools are acquiring forensic tools meant for police and military use to hack into student and faculty iPhones across the U.S.
Apple places privacy and security above all else when designing the iPhone, yet government facilities and institutions like the FBI continue to seek backdoors for "the greater good." Despite pressure from the United States and Australian governments, among others, Apple has not broken its encryption or created a back door.
Companies like Cellebrite seek to profit from this dilemma by finding new vulnerabilities and hacks to bypass iPhone security. They package these vulnerabilities into devices called "mobile device forensic tools" or MDFTs and sell them for a big profit, mostly to law enforcement and other governmental agencies.
While police and the FBI have been known to deal with Cellebrite and other companies, the desire to break into iPhones is spreading. A report from Gizmodo says that several public school districts have begun purchasing the tools to use on students and faculty.
Cellebrite made headlines after the 2016 San Bernardino shooting when it was discovered that the FBI had purchased at least $2 million worth of Cellebrite products since 2012. Multiple police stations around the U.S. are also on record for possessing the forensic units in order to break into criminal's smartphones.
The school systems investigated have spent thousands on different forensic tools. Given existing precedent on student rights on a school's grounds, in most states, as long as the faculty have reasonable suspicion that a student is performing illegal activities they can search a student's phone. It is unknown if parents are being made aware of the capability in districts that possess the devices.
One such case in 2016 says a student granted the school access to their phone for a search. The phone was plugged into a Cellebrite machine and investigators were able to discover deleted text messages between the student and teacher, which lead to an arrest.
While cases like these occur, giving public schools unilateral access to forensic tools without oversight could lead to the invasion of hundreds of thousands of students privacy for the sake of "security." Due to laws surrounding the public school system students are not necessarily protected by the fourth amendment, and can be subject to search and seizure without due process.
"Cellebrites and Stingrays started out in the provenance of the U.S. military or federal law enforcement, and then made their way into state and local law enforcement, and also eventually make their way into the hands of criminals or petty tyrants like school administrators," says Cooper Quentin, senior staff technologist at the Electronic Frontier Foundation. "This is the inevitable trajectory of any sort of surveillance technology or any sort of weapon."
Concerns have been raised over this new development, surrounding school discipline, and approved staff who can use the device, and for what reasons. The lack of oversight on these phone penetration tools can prove to be serious attacks on student privacy and welfare.
Cellebrite and other forensic tools are only as good as the exploit they use to break into a device. With the proper device security, users can make it very difficult for such tools to work. Measures that smartphone users can take to lengthen the penetration process include use of an alphanumeric passcode, users disabling biometrics before handing over a phone, and enabling the ability for the phone to reset itself after 10 failed access attempts.