FBI Enlists Israeli Firm Cellebrite to Unlock Shooter's iPhone

[CFreymarc]

For an organization with as many resources at its disposal as the FBI, this seems trivial to me. They could make a single purpose machine which does nothing but continually restore the memory and makes password guesses.

Whenever you work with the Fed, you must keep in mind you are deal with people that have government jobs.

From that, never give anyone on a government payroll the benefit of a doubt in expertise as they could not, nor would not take a private position requiring more talent and knowledge.

 

[JamesPDX]

As I said a while back.

What would be safer for everyone?

Apple, under their own total control accessing the data themselves and presenting just the data to the FBI.

Or some third party team working out how to access data on iPhones?

If we presume SOME 3rd party will be able to recover data at some point in time, which of the two scenarios do you feel would be preferable ?

There is always a third party working on this kind of stuff. More than several.

 

[CFreymarc]

Mossad already did. Or rather, they prolly ran it.

15k is actually cheap for the purpose.

You have that right. This outfit has Mossad written all over it.

CIA: Find them, communicate with them, recruit them, kill them as last resort.
MI-6: Find them, communicate with them, kill them if not cooperative
Mossad: Find them, kill them.

 

[Tsuchiya]

Wonder if Apple will take steps to remove Cellebrite devices from stores...

 

[thermodynamic]

On top of all the previous news articles I and others have put links to in the past, get a gander at some of these blasts from the past, and if nothing else read just the first one as it's a doozy:


http://www.watertowndailytimes.com/...-precedent-in-current-privacy-debate-20160221


https://discussions.apple.com/thread/2025600?start=0&tstart=0

http://readwrite.com/2014/12/05/apple-lawsuit-ipod-data-privacy-transparency/

http://blogs.wsj.com/digits/2010/06/22/apple-changes-privacy-policy-to-collect-location-data/

http://www.huffingtonpost.com/2010/12/28/apple-privacy-lawsuit_n_802058.html

http://www.cnet.com/news/lawmakers-ask-apple-to-explain-iphone-app-privacy-policies/

http://www.cnet.com/news/congress-not-happy-with-apples-response-on-privacy-concerns/

http://www.thedailybeast.com/articl...ked-iphones-for-the-feds-70-times-before.html

Articles pretty much say Apple avoided commenting, or put out generic responses that seem to lack the passion of the more recent issue.

Gunman/terrorist issue aside, why has Apple been less wound up over the very lax and insecure development store policies? Because Apple wants control and hates it when someone else has it?
[doublepost=1458779383][/doublepost]

Let's just flush away US taxpayer's money, we have to avoid the court at any cost!

As numerous news articles from the past have shown, Apple's inconsistency is the sole cause of taxpayer money waste. Apart from all the corporate welfare and tax breaks Cook has "earned" from US taxpayers.

tax payers dollars hard at work

Exactly. Apple has led to the sheer waste of much taxpayer money, and not even as corporate welfare anymore but for a dog and pony show.

I really hope they screw up good time.

That's like cheering on criminal and/or terrorist elements, not to mention it effectively screams "IT SUCKS TO BE YOU" to all the families of the people slaughtered by that maniac. Yeah, how nice. How truly nice. Especially as so many news articles over the years on privacy issues have shown Apple to be flip-flopping more than a fish stuck on a dock and yet you give blind obedience to a company that would enjoy you working for them, at 50 cents an hour until you tried to commit suicide out of abject despair (just like the workers in factories it still freely chooses to use instead of setting a better example for human rights.)

http://qz.com/618371/apple-is-openl...-in-china-it-takes-a-very-different-approach/
http://qz.com/332059/apple-is-repor...ess-to-its-devices-for-a-security-assessment/
http://www.zdnet.com/article/if-apple-can-help-china-it-can-help-us-us-doj/

How many more do people need to see to figure it out that Apple doesn't give one whit about the people saying it is doing a good fight. Now maybe the company and its comrades might be fighting for how it can profit from YOUR privacy, but nothing more.

 

[JamesPDX]

Whenever you work with the Fed, you must keep in mind you are deal with people that have government jobs.

From that, never give anyone on a government payroll the benefit of a doubt in expertise as they could not, nor would not take a private position requiring more talent and knowledge.

Government payroll as in the SEALS, DIA, or DARPA? How about 911 operators and ATC workers? Those government workers? How about those aerospace engineers and the scramble-to-air personnel that allow us all to play Angry Birds and post snapshots of our food under an umbrella of general security and well-being. What about those government workers who returned OBL to the soil? Let me ask you this: Your local, publicly-funded fire department: Good idea or bad idea? Think about it.

 

[thermodynamic]

The contract is for $15,000. Thousand.
Do you think their legal expenses for the court case would have been less? (Ignoring that they would have likely lost anyway).

Seems rather inexpensive, considering how huge the whole of the issue is and what led to this current contract. Now maybe the FBI signed a $15k contract with this Celibate firm to do whatever, but let's not ignore how much time and money were already wasted thanks to Apple's song and dance marketing ploy (at least one of the zillion links posted above tells of set precedents not in Apple's favor!)

 

[You are the One]

Two very good articles by Zdziarski:

My Take on FBI’s “Alternative” Method

iOS / OS X and Forensics Trace Leakage

 

[AFDoc]

Now that apple clearly has the upper hand they should push the hell out of this and force the courts to hear the case if that's even possible.
[doublepost=1458780898][/doublepost]

As I said a while back.

What would be safer for everyone?

Apple, under their own total control accessing the data themselves and presenting just the data to the FBI.

Or some third party team working out how to access data on iPhones?

If we presume SOME 3rd party will be able to recover data at some point in time, which of the two scenarios do you feel would be preferable ?

Third party of course..... IF apple was to do this for the government when/where would it ever end? Let's not be naive now to believe it would be "just this one time" as the gov suggests.
[doublepost=1458781319][/doublepost]

Do you honestly have an idea how this works? I don't ask with snark. Genuine curiosity. I read a post yesterday containing a link to some interesting information that disputes the necessity of your one password solution. The assertion in the link was Apple could target that particular phone without compromising the security of all phones. The assumption of a universal password is, at it's best, unrealistic. At it's worst, it's basically fear mongering.

I happen to agree with Apple's stance in principle and policy. But I refrain from "end of iPhone privacy" anecdotes and analogies because I simply don't know enough to comment intelligently. I strongly suspect the vast, vast, vast majority on this forum don't know either. But when has a lack of knowledge actually stopped us from rendering strongly definitive statements as if they are facts.

edit: found it - https://marcan.st/2016/03/untangling-ios-pin-code-security/

There was an article written by a man.....Ill have to try and find it that does forensic stuff for a living and what he said totally undermines your listed story. IF apple was to write such code the defense in any case that code was used to access an iPhone would have to have access to it..... and they would have experts that would break it down ect ect.... so it wouldn't just be apple and the FBI dealing with it but who knows how many "experts" to analyze and scrutinize the code.....
[doublepost=1458781629][/doublepost]

This whole thing will be bad for Apple if it is found you can unlock an iPhone anyways, once again. While I applaud Apple for not caving in to the FBI and offering them a hack tool or backdoor, the fact that an independent party found a way into the phone anyways is pretty bad for Apple.

Apple is too rich a company and has too many people and resources for them to continuously release phones and iOS with security exploits. Apple makes their own hardware, they make their own software, they distribute their own products; why can't this company make their hardware the most secure devices on the planet? Q/A and Security should be Apple's top priorities, not removing headphone jacks and making their phones thinner. If Apple wants to be the champion of people's rights, security and privacy then invest all them billions in obscene profit margins back into the quality of their products, not building grandiose UFO looking headquarters.

While I am sure that momentous effort is going to unlocking this one particular phone and it's not an exploit for the casual hacker, just go on YouTube and see ALL the videos over the years of how people have bypassed the lock screen on the iPhone simply by accessing the camera or panel or something else and poking around a little.

Apple can't be a poser and fight for the people while their products continue to be hackable anyways.

Don't be so silly.... NO phone is 100% secure and never will be. It's just having the resources to put forth the effort to try and get into the devices. Typically there isn't a reason to put so much effort into it unless one is trying to come up with an exploit to jailbreak the phone.

 

[netdoc66]

Update 8:13 AM: As noted by Twitter user @zenalbatross, the FBI signed a $15,000 contract with Cellebrite on Monday.

​

​

Well damn, they work cheap AF.

 

[Freyqq]

This whole situation has been a mess for the FBI. Not only do they get bad publicity, but now Apple is aware of every vulnerability that security experts could think of and have reasonable grounds to patch out every one of them.

 

[hiddenmarkov]

http://qz.com/618371/apple-is-openl...-in-china-it-takes-a-very-different-approach/
http://qz.com/332059/apple-is-repor...ess-to-its-devices-for-a-security-assessment/
http://www.zdnet.com/article/if-apple-can-help-china-it-can-help-us-us-doj/

How many more do people need to see to figure it out that Apple doesn't give one whit about the people saying it is doing a good fight. Now maybe the company and its comrades might be fighting for how it can profit from YOUR privacy, but nothing more.

You like these links....again....this is SOP with dealing with china. If cisco sells stuff in china, they'd have to do the same thing. Juniper (another infrastructure provider on the rise), oracle, M$, etc....this is the cost of business in China. I like my tin foil hats too....I don't have this one. Its ridiculous.

Do you know how many games from the gaming industry have China servers for segmentation. Lots. Its what the chinese ask for and they get it. Want to work with china you have to work behind the great (fire) wall of china.


There is speculation of source code revealing. No facts. You can run security audits with sniffers, log dump analysis and even basic electronics diagnostic gear. Some thing not looking right on ye old oscope. Why is wire shark showing sporadic entries for routes this device should not even be seeing, let alone asking to use.
Apple please do tell...why is sys logging showing an application that doesn't even appear to be installed firing up for no apparent reason every 5 minutes.

This is how you find malicious code with no source code at all. trap code doesn't yell I am here I am here if its written well. This is why malware gets released daily. Code doesn't say crap like (in pseudocode)

function leak_data
send data to my awesome hack server
end function.

Its coded to avoid AV/AS heuristic algorithms that looks for blatant crap like this.

This is how you get day 1 attacks. They aren't found with code reviews. Its new and different code, its gotten by the heuristic algorithms. They are found by network managers wondering wtf is up with the network scans and why are we sending so many packets to an IP address never ever seen before and one we have no business going to.

 

[adamneer]

On top of all the previous news articles I and others have put links to in the past, get a gander at some of these blasts from the past, and if nothing else read just the first one as it's a doozy:


http://www.watertowndailytimes.com/...-precedent-in-current-privacy-debate-20160221

This article, incredibly vaguely, states Apple agreed in 2008 that the All Writs Act could could be used, to some degree, in (unspecified) matters involving assisting the FBI in data acquisition. By no means does this imply that Apple expressed agreement that the AWA could be used all-encomppasingly to compel an entity to perform any and all services demanded by the FBI. If this article is what you find most incriminating to Apple's defense, I can only imagine what liberties you've taken with the rest of them to fit within your narrative. If my brother asks me for $5 one day and I say, "fine, you can have $5 because you're my brother", he can't reasonably demand $500 from me later, on account of the "precedent" I formerly "established".

Just out of curiosity, do you feel that cigarettes should be legal, despite being responsible for over 400,000 American deaths per year? Is smoking a right of choice that we deserve and data privacy not?

 

[deany]

On top of all the previous news articles I and others have put links to in the past, get a gander at some of these blasts from the past, and if nothing else read just the first one as it's a doozy:


http://www.watertowndailytimes.com/...-precedent-in-current-privacy-debate-20160221


https://discussions.apple.com/thread/2025600?start=0&tstart=0

http://readwrite.com/2014/12/05/apple-lawsuit-ipod-data-privacy-transparency/

http://blogs.wsj.com/digits/2010/06/22/apple-changes-privacy-policy-to-collect-location-data/

http://www.huffingtonpost.com/2010/12/28/apple-privacy-lawsuit_n_802058.html

http://www.cnet.com/news/lawmakers-ask-apple-to-explain-iphone-app-privacy-policies/

http://www.cnet.com/news/congress-not-happy-with-apples-response-on-privacy-concerns/

http://www.thedailybeast.com/articl...ked-iphones-for-the-feds-70-times-before.html

Articles pretty much say Apple avoided commenting, or put out generic responses that seem to lack the passion of the more recent issue.

Gunman/terrorist issue aside, why has Apple been less wound up over the very lax and insecure development store policies? Because Apple wants control and hates it when someone else has it?
[doublepost=1458779383][/doublepost]

As numerous news articles from the past have shown, Apple's inconsistency is the sole cause of taxpayer money waste. Apart from all the corporate welfare and tax breaks Cook has "earned" from US taxpayers.





Exactly. Apple has led to the sheer waste of much taxpayer money, and not even as corporate welfare anymore but for a dog and pony show.



That's like cheering on criminal and/or terrorist elements, not to mention it effectively screams "IT SUCKS TO BE YOU" to all the families of the people slaughtered by that maniac. Yeah, how nice. How truly nice. Especially as so many news articles over the years on privacy issues have shown Apple to be flip-flopping more than a fish stuck on a dock and yet you give blind obedience to a company that would enjoy you working for them, at 50 cents an hour until you tried to commit suicide out of abject despair (just like the workers in factories it still freely chooses to use instead of setting a better example for human rights.)

http://qz.com/618371/apple-is-openl...-in-china-it-takes-a-very-different-approach/
http://qz.com/332059/apple-is-repor...ess-to-its-devices-for-a-security-assessment/
http://www.zdnet.com/article/if-apple-can-help-china-it-can-help-us-us-doj/

How many more do people need to see to figure it out that Apple doesn't give one whit about the people saying it is doing a good fight. Now maybe the company and its comrades might be fighting for how it can profit from YOUR privacy, but nothing more.

Rubbish, I ABHOR terrorist like any sane human being.

My heart also goes out to anyone effected by their sad, mad, twisted ways.

How dare you suggest otherwise.

Tim Cook is right when he says the U.S. founding fathers "would be appalled" by a Department of Justice request to unlock the encrypted iPhone.

As previous posted by 'haydn!'

“they always knew they could do it without Apple's help but took this opportunity to fuel a political agenda, and use terrorism as a way to turn the public against the technology companies and data encryption.”

They have been involved with Cellebrite for a while now apparently.

They should be concentrating more on their ridiculous gun laws (especially if they don't care about keeping the U.S. founding fathers 'happy').
Also do something about the appalling treatment of prisoners in solitary confinement many with mental illnesses - being treated like animals, caged for 23 hours a day, utterly disgraceful. Often for something they didn't do http://www.independent.co.uk/news/w...torture-in-solitary-confinement-10307220.html
Just like the Israeli Mordechai Vanunu was treated inhumanely for all those years.
They should be asking for Mordechai's release from Israel if they want to be the 'Worlds Police Force', and be seen to do what's right.

"he was kept in a cell measuring eight by 12 feet with just one hour of exercise or solitary recreation a day."....for 43 years
CAGED FOR 23 HOURS A DAY- JUST LIKE THE OTHER 100,000+ PRISONERS IN AMERICA.

......O'er the land of the free.........THE Star-Spangled Banner, lyrics last line.

 

[attila]

That's a lot of time and effort for a randoms shooter who wasn't even close to a lieutenant of a terrorist organisation.

 

[kdarling]

Now that apple clearly has the upper hand they should push the hell out of this and force the courts to hear the case if that's even possible.

It doesn't sound like Apple has the upper hand.

If the third party solution works, Apple is out of the decision loop entirely. Worse, the mass public now thinks/knows that their iPhone is breakable by outside entities

IF apple was to do this for the government when/where would it ever end? Let's not be naive now to believe it would be "just this one time" as the gov suggests.

Got a link to where the government itself said it was "just this one time"?

There was an article written by a man.....Ill have to try and find it that does forensic stuff for a living and what he said totally undermines your listed story. IF apple was to write such code the defense in any case that code was used to access an iPhone would have to have access to it..... and they would have experts that would break it down ect ect.... so it wouldn't just be apple and the FBI dealing with it but who knows how many "experts" to analyze and scrutinize the code.....

For the umpteenth time: the code does not matter. Especially any source code changes, which would mostly consist of commenting out the limit checks. Big whoop. Any kid could do those.

All that matters is if Apple's public facing update servers will sign a version so that it can be installed. If Apple had made the mods and kept it in-house, there'd be no way for even a leaked version to be used.

 

[dk001]

Apple. They should've helped right from the outset.

If another September 11 type scenario occurs and an iPhone is found at the scene, watch Apple's stocks take a huge dive.

Let's look at that statement. Assume the target is another infrastructure financial public pride target like the Twin Towers.
Lots of business type folks. Odds are there will be a number of iPhones around. All encrypted.

Now... your point?

Aside from the fact it could likely be running ProtonMail or Wickr or...
[doublepost=1458824854][/doublepost]

I don't know about the stocks, but this is all playing out against the attacks in Brussels. If attacks similar to Brussels or Paris happened here; some of the conspirators remained on the loose; and the FBI wanted an iPhone unlocked that belonged to one of the attackers -- I don't think Apple's position would have as many defenders as it does in the present case (due the way some people have been trying to "rationalize away" the particular circumstances of the San Bernadino attacks).

No point in getting into hypotheticals, and I do understand Apple's refusal to comply -- but I find Apple/Cook's PR on this issue to be distasteful, and not mindful/respectful of the very real and weighty issues involved on the "other side."...

This is the one aspect I still just don't get.
Unlocking a device is reactive. For prevention the primary aspect must be preventive or proactive. Having Apple (or Google or Microsoft or ...) unlock/decrypt a device is a reactive stance and primarily useless. Except as an applaud for the terrorists as they forced us to curtail freedoms. As intended.

Unless you go with the general thought of Stage 2 FBI request for SpyOS or CamOS or ...

Apple did the correct thing. Nip it in the bud and keep it there.
[doublepost=1458825419][/doublepost]

Government payroll as in the SEALS, DIA, or DARPA? How about 911 operators and ATC workers? Those government workers? How about those aerospace engineers and the scramble-to-air personnel that allow us all to play Angry Birds and post snapshots of our food under an umbrella of general security and well-being. What about those government workers who returned OBL to the soil? Let me ask you this: Your local, publicly-funded fire department: Good idea or bad idea? Think about it.

Folks tend to look at the squeaky wheel or the glory hogs and assume (gotta love that definition) that the entire bucket is composed of crabs.

 

[B2k1977]

If they do manage to unlock it, it really wouldn't surprise me if they find absolutely nothing - and then to avoid embarrassment they plant information regarding the Brussels bombing on the phone just to cover their asses, shift the public's opinion in order to set a future precident and also make Apple look like asses, all in one fell swoop.

JUST YOU WAIT! That would be dishonest! the U.S. Government would never do such a thing!

 

[Tech198]

"Should you choose to accept this mission..."

The FBI will accept ... They already got the money down

But if it doesn't work, then it would be an expensive loss...

FBI pulled a fast one on Apple, but they should of done this instead.. Thought the FBI was more clever than this...

JUST YOU WAIT! That would be dishonest! the U.S. Government would never do such a thing!

Like when they went after Apple even though the FBI "knew" very well they could get in without Apple's help ?

They've been cracking phones for years........ but when faced with an iPhone they act 'dumb' ? The government must think we are stupid..

 

[997440]

....
Tim Cook is right when he says the U.S. founding fathers "would be appalled" by a Department of Justice request to unlock the encrypted iPhone
....

[Not sure that the above 'appalled' quote is an actual Cook quote. I've only found that it can be attributed to a brief generated by Apple Inc.]

Founders appalled that the DoJ would participate in a lawful process, rather than thumbscrews, to gather evidence? I don't think so; even to those who would be agreeable to an outcome that favored Apple. It's not likely they'd be appalled at Apple's contradictory political behavior either -- Apple does advocate for the initiation of the use of government force to achieve policies it favors. That those policy ends deprive others of liberty is seemingly of secondary importance to Apple's feeling of a policy's 'rightness'.

The Founders wrote extensively on the eventual loss of liberty, which would result from the piecemeal thefts of it, to satisfy emotional appeals. Who holds the greater guilt here?

The DoJ and the FBI? There are some bogeymen within their ranks, as are everywhere, but they're mostly good people following their respective charters. They work within the rules governing them as aggressively as they can. I've done the same on any job I've done. And yes, sometimes their job requires them to investigate and apprehend the worst, and the worst of the worst, among us. I thank and say to them -- don't take on any unearned guilt from the unfair words that have been thrown your way throughout this.

Or, is it Apple and the citizenry as a whole? The DoJ's and FBI's general behaviors are largely determined by the Constitution and by the voter's representatives, whether executive, legislative or judicial. As protective of individual rights as the Constitution is, those individual rights still require an ongoing, sober, objective defense, even when the ends of any particular law seem 'right' and 'compassionate' to N amount of people. It's a decision each voter makes at each election, even when they've chosen to not think at all about (or obfuscate) their part in it.

I'm not persuaded by Apple's situational embrace of individual rights and the Founders. If it's truly an embrace, I welcome it. It shouldn't take too long to find out.

 

[mpavilion]

This is the one aspect I still just don't get.
Unlocking a device is reactive. For prevention the primary aspect must be preventive or proactive. Having Apple (or Google or Microsoft or ...) unlock/decrypt a device is a reactive stance and primarily useless. Except as an applaud for the terrorists as they forced us to curtail freedoms. As intended.

It's "useless" to get information like this, as part of investigating a crime? How do you think investigation works (and has always worked)?

 

[dk001]

It's "useless" to get information like this, as part of investigating a crime? How do you think investigation works (and has always worked)?

You miss the point. An investigation is "post event" when the predominance of anti-terrorism is "prevention".
As a data need for an investigation, I agree. Unfortunately an investigation is a failure analysis as it "failed" to prevent the incident(s).
Analyzing a phone in possession after an event should not be the main thrust of the FBI. There are many more places the same data can be garnered.
[doublepost=1458843877][/doublepost]For those who want to see how fundamentally underhanded the FBI/DOJ is, check out the recent article on ARS. The original is in the WSJ however that requires a subscription for the full article.
http://arstechnica.com/tech-policy/...-apple-about-terrorism-not-setting-precedent/

Personally I came away with a serious WTF on Directory Comey's comments.

 

[CFreymarc]

Government payroll as in the SEALS, DIA, or DARPA? How about 911 operators and ATC workers? Those government workers? How about those aerospace engineers and the scramble-to-air personnel that allow us all to play Angry Birds and post snapshots of our food under an umbrella of general security and well-being. What about those government workers who returned OBL to the soil? Let me ask you this: Your local, publicly-funded fire department: Good idea or bad idea? Think about it.

Was waiting for that. All can be privatized and run much more efficiently on government contract with competitive bids.

 

[JamesPDX]

Haliburton and Veolia. Got it.
http://www.inthepublicinterest.org/...-contracting-fails-governments-and-taxpayers/
http://www.inthepublicinterest.org/...-contracting-fails-governments-and-taxpayers/

 

[stylinexpat]

Ah Cellebrite, the company whose website mysteriously disappeared a few weeks ago (I was looking into them because of mentions of the company in certain leaked documents) but has a long history of building and selling the equipment for security states around the world.

They played a role in the systems used during the Arab Spring, the uprising in Tunisia, etc. This is a company who's products for surveillance are sold indiscriminately to dictators around the world to dragnet their citizens.

Good to see who the US security apparatus is in bed with.

There are always those who are willing to stir the pot. Apple should think twice in the future to whom they do business with and whom they appoint to work for them. Those with dual nationalities from Israel could pose a huge security risk for Apple as you never know which could have been hired to work for them as spies to gather intelligence. Apple should have stricter hiring rules in the future.