Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
69,114
40,139



Israeli mobile software developer Cellebrite is helping the FBI in its attempt to unlock the iPhone at the center of the San Bernardino shooter investigation.

That's according to a story filed by Reuters this morning, based on a report in Wednesday's copy of Israeli daily newspaper Yedioth Ahronoth. If the software company succeeds then the FBI will no longer need the help of Apple, the report claimed, citing unnamed industry sources.

According to its website, Cellebrite offers "mobile forensics solutions" which "give access to and unlock the intelligence of mobile data sources to extend investigative capabilities, accelerate investigations, unify investigative teams and produce solid evidence".

Cellebrite-800x171.jpg

Apple and the U.S. government have been embroiled in a heated public battle that started when a court ordered Apple to help the FBI unlock the iPhone 5c of terrorist Syed Farook. Unlocking the iPhone would require Apple to build a new version of iOS that bypasses iPhone passcode restrictions and provides the FBI with a way to enter passcodes electronically, something Apple has staunchly refused to do.

On Monday, the U.S. Justice Department convinced the court overseeing its ongoing battle with Apple to postpone a hearing scheduled to take place March 22. The DoJ said new leads had been discovered that could provide it with a way to unlock the iPhone 5c used by San Bernardino shooter Syed Farook without involving Apple.

Various commentators on the case have cast doubt on the FBI's original claim that it had exhausted all avenues in its attempt to unlock Farook's iPhone and a number of ideas have been floated in the media by security experts. The most likely attack was set out in a March 7 blog post by the American Civil Liberties Union (ACLU), which directly called into question the FBI's initial assertion that it had no means of extracting the iPhone's data.

iphone5c4-800x696.jpg

The process described by UCLA technology fellow Daniel Kahn Gillmor uses a technique called NAND mirroring to copy the portion of the phone's memory that counts the number of passcode attempts entered. By continually restoring the copy, the FBI could thereby circumvent the limit on the number of passcode guesses that can be made before the device is rendered permanently inaccessible.

Another, more risky - not to mention laborious - method is an invasive microchip attack known as "de-capping". This involves removing and de-capsulating the phone's memory chip, carefully drilling down into it using a focused ion beam to expose the portion of the chip containing the target data (in this case, the iPhone's unique ID and passkey algorithm) and then probing it, micron by micron, to extract the information.

The latter could then be used in an off-device "brute-force" attack on the passcode that would be able to try all possible combinations without running up against the iPhone's guess limit.

The judge involved in the high-profile California case has agreed to vacate the March 22 hearing and requested that the government provide an update on its progress by April 5. The motion requiring Apple to help the FBI lock the iPhone was suspended.

In a conference call with reporters on Monday, Apple said it would insist on obtaining details about the exploit the FBI plans to use should the government keep the case going. If the case is dropped, Apple will not be able to ask for that information.

Update 8:13 AM: As noted by Twitter user @zenalbatross, the FBI signed a $15,000 contract with Cellebrite on Monday.

cellebrite_contract.jpg

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: FBI Enlists Israeli Firm Cellebrite to Unlock Shooter's iPhone
 
Ah Cellebrite, the company whose website mysteriously disappeared a few weeks ago (I was looking into them because of mentions of the company in certain leaked documents) but has a long history of building and selling the equipment for security states around the world.

They played a role in the systems used during the Arab Spring, the uprising in Tunisia, etc. This is a company who's products for surveillance are sold indiscriminately to dictators around the world to dragnet their citizens.

Good to see who the US security apparatus is in bed with.
 
Ah Cellebrite, the company whose website mysteriously disappeared a few weeks ago (I was looking into them because of mentions of the company in certain leaked documents) but has a long history of building and selling the equipment for security states around the world.

They played a role in the systems used during the Arab Spring, the uprising in Tunisia, etc. This is a company who's products for surveillance are sold indiscriminately to dictators around the world to dragnet their citizens.

Good to see who the US security apparatus is in bed with.

Yes the US government are not exactly pushing to allow badly done to Mordechai Vanunu release from Israel.

Yet I bet if Belize wanted to question John McAfee they would say 'NO WAY'.

One rule for one another rule for the rest of the world.
 
As I said a while back.

What would be safer for everyone?

Apple, under their own total control accessing the data themselves and presenting just the data to the FBI.

Or some third party team working out how to access data on iPhones?

If we presume SOME 3rd party will be able to recover data at some point in time, which of the two scenarios do you feel would be preferable ?
 
As I said a while back.

What would be safer for everyone?

Apple, under their own total control accessing the data themselves and presenting just the data to the FBI.

Or some third party team working out how to access data on iPhones?

If we presume SOME 3rd party will be able to recover data at some point in time, which of the two scenarios do you feel would be preferable ?

3rd party for sure.. In that case, Apple can always work towards securing future versions of iOS and iPhone. Once they start going down the path of helping the government there is no turning back.
 
As I said a while back.

What would be safer for everyone?

Apple, under their own total control accessing the data themselves and presenting just the data to the FBI.

Or some third party team working out how to access data on iPhones?

If we presume SOME 3rd party will be able to recover data at some point in time, which of the two scenarios do you feel would be preferable ?

One will invariably lead to the other. So order does not matter.
 
As I said a while back.

What would be safer for everyone?

Apple, under their own total control accessing the data themselves and presenting just the data to the FBI.

Or some third party team working out how to access data on iPhones?

If we presume SOME 3rd party will be able to recover data at some point in time, which of the two scenarios do you feel would be preferable ?
Neither. Your first statement assumes Apple only needs to unlock this phone and can keep the code a secret while in reality that code has to be made public in order for defenders of suspects to check if nothing in the code was made that purposefully blames a suspect. The 3rd party in your second statement could be anybody, good or bad guys.
 
  • Like
Reactions: Kal-037 and amirite
The process described by UCLA technology fellow Daniel Kahn Gillmor uses a technique called NAND mirroring to copy the portion of the phone's memory that counts the number of passcode attempts entered. By continually restoring the copy, the FBI could thereby circumvent the limit on the number of passcode guesses that can be made before the device is rendered permanently inaccessible.

For an organization with as many resources at its disposal as the FBI, this seems trivial to me. They could make a single purpose machine which does nothing but continually restore the memory and makes password guesses.
 
The feds assume that the shooter (or the company that he worked for) didn't create and install a Configuration Profile which changes the number passcode attempts before the device automatically wipes itself?! If they assume the default of 10, and restore the NAND after each tranche of 9 attempts, they could brick it after say 5 goes!
 
As I said a while back.

What would be safer for everyone?

Apple, under their own total control accessing the data themselves and presenting just the data to the FBI.

Or some third party team working out how to access data on iPhones?

If we presume SOME 3rd party will be able to recover data at some point in time, which of the two scenarios do you feel would be preferable ?

The second. You have no idea how this works.

You know how you shouldn't use the same password on every website, because then if it's compromised once, it's compromised everywhere? Same deal with this. If Apple made one password that unlocked every iPhone, then the moment one person figures it out, they've compromised every iPhone.

Further, anyone who wants to hack the iPhone to get that secret password would be able to legally buy an iPhone and do whatever they want with it to figure out that universal secret password.
 
Yeah... that's what I knew this was about. Remember when Netanyahu invaded Apple headquarters and Tim Cook just let him right in? That was a takeover. It had been brewing for years - they always had their sights on Apple. I don't know how Steve Jobs managed to keep them at bay - but he did. Then when he died they got their chance to monopolize it, and they did.

Say what you want - you know it's true.
 
Last edited:
  • Like
Reactions: julescilib
Israeli mobile software developer Cellebrite is RUMORED TO BE helping the FBI in its attempt to unlock the iPhone at the center of the San Bernadino shooter investigation.

There, MacRumors, I fixed it for you. Oh, and it’s San Bernardino not San Bernadino. Sheesh!
 
As I said a while back.

What would be safer for everyone?

Apple, under their own total control accessing the data themselves and presenting just the data to the FBI.

Or some third party team working out how to access data on iPhones?

If we presume SOME 3rd party will be able to recover data at some point in time, which of the two scenarios do you feel would be preferable ?
Third party. Definitely.
 
As I said a while back.

What would be safer for everyone?

Apple, under their own total control accessing the data themselves and presenting just the data to the FBI.

Or some third party team working out how to access data on iPhones?

If we presume SOME 3rd party will be able to recover data at some point in time, which of the two scenarios do you feel would be preferable ?

I said a similar thing. I would rather it be Apple and have a controlled "break in." But that's just me...
 
This was just a matter of when, never was a matter of if. I think we're especially "lucky" in this case to have public knowledge of the govt actively seeking a way to back door break into our phones.

Glad Apple stuck to their guns...can't stop the inevitable, but at least they didn't bow down and hand over the keys.
 
  • Like
Reactions: Wondercow
For an organization with as many resources at its disposal as the FBI, this seems trivial to me. They could make a single purpose machine which does nothing but continually restore the memory and makes password guesses.

Because you’re an expert on these matters? You read it on the Internet so it must be true? Which is it?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.