Just as expected. It’s common for Cellebrite to fall a few months behind with the latest iOS releases.
Wonder what available in CAS means
It’s you FedEx-ing it to them.
Located in 10 secure labs around the world, we help advance your most challenging cases wherever you may be.
https://cellebrite.com/en/advanced-services/
https://cellebrite.com/en/cas-supported-devices/
https://9to5mac.com/2022/02/10/cellebrite-kit-cant-unlock-iphones/
I need an ELI5 for this
What does AFU mean and how do I read/understand this table?
If your phone has been unlocked even once after turning it on, then you’re fucked.
AFU stands for after first unlock.
BFU stands for before first unlock.
AFU in this table means that if your phone was unlocked even once after a reboot or after just turning it on, they can extract all the data from that device.
Ah! I see.
But what if your data is within encrypted apps like encrypted cloud storage apps or things of that nature?
If you’re logged in to those, you’re screwed.
Got it! Thank you for clarifying.
Isn’t that the state in which Pixels are also most vulnerable, hence GOS’ auto-reboot being a thing? Bit misleading of Cellebrite to say “oh yeah we can do locked devices (as long as it’s AFU)”
Yeah but they can’t unlock GOS in AFU, someone showed the screenshot but I gotta find it again.
Love that they have a dedicated GOS section, they’re really feeling the pressure from it.
This chart shows they also can’t unlock stock Android in BFU or AFU, to be fair.
They really put in “uh but but we can on 2022 updates!!” on the Pixel 8 series that… wasn’t out until 2023
It says FFS for AOSP but for GOS it’s only up to 2022.
Yes, and FFS has nothing to do with unlocking the device. They can perform a filesystem extraction, but the encrypted data they extract remains encrypted unless they are able to obtain the decryption key, which they cannot do without knowing your passcode beforehand regardless of your OS.
This is also the case in the iOS chart, where they are unable to brute force the passcode on anything newer than an iPhone 11, in case anyone is misinterpreting this data.
Edit: To be completely clear for readers, in the extraction they would be able to see data not protected by File-Based Encryption, so they’d gain limited insight into things like what apps you have installed, some information about the OS, that sort of thing. For encrypted data it depends on the encryption class used by the developer, probably.
In regards to CAS, does it mean that they can do an FFS on iPhone 15 or can they actually get into it? I’m more referring to the iPhone 15 being in BFU.
It doesn’t mean anything, we don’t know what their capabilities are from this document.
Ah right. Any iPhone could technically fall under CAS then. Thank you for the very quick response, much appreciated.
They can exploit all AFU devices, but not a Google Pixel 6 or later with GrapheneOS. This is the case even if auto-reboot didn’t exist.
If you have a 6-digit PIN on your iPhone 12 or later, then you’re fine. At least when it comes to Cellebrite, XRY, etc.
But three-letter agencies, such as the NSA, etc., are a different thing, and their capabilities are unknown. That’s why GrapheneOS is still working very hard on features like biometric unlock + a PIN as a 2FA.
They can extract the FFS (full file system) of Pixel devices, but this info will be mostly encrypted. That’s why under that section it says “BF: NO”.
AKA: They can’t brute force the password to decrypt the files.
Additionally these charts only apply to default settings.