UPDATE: After publishing this story, I consulted a technology reporter who wrote yesterday that the “third party” referred to by the FBI who can hack the iPhone is “not known.” When I wrote to her about the Yediot and AP claims that Cellebrite is the third party, she explicitly said this is not true. Cellebrite (she said) is not the company which the FBI mentioned. So read the following with this caveat in mind.
In an exclusive story, Yediot Achronot reports (Hebrew) that the Israeli high-tech company, Cellebrite, is the “third party” referred to by the FBI in a court filing, which offered to hack Syed Rizwan Farouk’s iPhone, so that the agency doesn’t need to compel Apple to do it. The report doesn’t make clear whether the Israeli company has succeeded in cracking the phone’s encryption. But it seems likely the FBI would not have announced a postponement in its case against Apple unless it was fairly confident it had a solution to the problem.
If true, this would be yet another example of Israel’s military-intelligence technology being used to penetrate the privacy of terrorists and average citizens world-wide. Indeed, Cellebrite, along with almost all other Israeli high tech companies recruits veterans of the IDF’s SIGINT Unit 8200. This is the entity which spies on Israel’s adversaries around the world, hacks into their code and infrastructure. Among other feats, it was largely responsible (in a partnership with the NSA) for the Stuxnet virus which attacked Iran’s nuclear centrifuges.
NRG notes the exceedingly close relationship between Unit 8200 and Cellebrite in particular. In an article describing 8200’s annual veteran’s reunion, the company’s CEO praised it:
“Veterans of the Unit bring with them a certain type of knowledge which is learned and about which he may not elaborate. For them [the veterans] this brings added benefit relative [to other job candidates].
Cellebrite specializes in forensic analysis of cell phone data:
Cellebrite is a global company known for its breakthroughs in mobile data technology, delivering comprehensive solutions for mobile forensics and mobile lifecycle management.
Cellebrite mobile forensics solutions give access to and unlock the intelligence of mobile data sources to extend investigative capabilities, accelerate investigations, unify investigative teams and produce solid evidence. Cellebrite’s range of mobile forensic products…enable the bit-for-bit extraction and in-depth decoding and analysis of data from thousands of mobile devices, including feature phones, smartphones, portable GPS devices, tablets and phones manufactured with Chinese chipsets. In addition to mobile device data, [our product] provides extraction, preservation and analysis of private data residing in cloud environments such as social media accounts. Cellebrite’s…is the prime choice of forensic specialists in law enforcement, military, intelligence, corporate security and eDiscovery agencies, with more than 30,000…units deployed in more than 100 countries.
Since 2013, it has had a contract with the FBI to help it hack into the cell phones of criminals and terrorists of interest to the agency.
The reporter attributes his story to “sources in the industry well-familiar with the subject.” My guess is this is someone associated with Cellebrite or perhaps a major shareholder who wants to see his stake appreciate in value. It may also be an Israeli intelligence source or even the prime minister’s office, seeking to brag about the Startup Nation helping to aid a U.S. terror investigation. It sure puts a hasbara feather in Israel’s cap.
The reporter doesn’t credit this AP report which confirms aspects of the Yediot story:
…The most straightforward possibility is that the FBI described the problem to a variety of contractors and one of them came forward with a proposed solution.
Other experts mentioned an Israeli company, Cellebrite Inc., that’s a leader among several firms selling smartphone forensics services and software tools to US police agencies. The programs can extract data from iPhones running older versions of Apple’s operating system, but they have been stymied by the latest version, known as iOS 9. That’s the version running on the San Bernardino iPhone.
Cellebrite hasn’t announced any new product that works with iOS 9, but it’s likely working on developing one, said Darren Hayes, a computer scientist and cyber-security expert at Pace University in New York.
Cellebrite representatives couldn’t be reached for comment Tuesday. The company did not respond to an email and phone message left at its US offices in New Jersey.
— BlackBerry Exclusive (@BBExclusiveUK) March 22, 2016
If anyone’s feeling reassured about this development (possibly Tim Cook, for example), they shouldn’t. See McAfee’s comment in the tweet above. While it will take Apple off the hook in the short-term, if Cellebrite can hack this iPhone then there are a lot of other smart people in the world who will figure out how to do it as well. Unless Apple comes up with new ways to further enhance its encryption that even Cellebrite can’t hack, then Apple’s guarantee of privacy won’t be worth the virtual paper it’s written on.
The article does get the background story about how the cell phone was used by the terror suspect and how it was handled after the police retrieved it, wrong. The reporter clearly hadn’t bothered to read the actual accounts which noted that the police had access to the phone until a not-so-smart detective decided to change the password. In doing so, he locked himself out of the phone. That is what caused the problem the FBI faces today.
In my experience, if a reporter gets one major part of their story, they may’ve gotten everything else in it wrong as well. So some measure of skepticism is warranted here. But my guess is that this error doesn’t invalidate the breaking story.
I’ve approached the Apple press office for comment and they have not responded.