back to article Israeli biz fingered as the FBI's iPhone cracker

An Israeli company has been identified by a newspaper as the "third party" helping the FBI break into a killer's locked iPhone – the phone Apple refused to work with. Cellebrite is a subsidiary of the Japanese Sun Corporation, is based in Israel, and has offices around the world. It was named by the Israeli newspaper Yedioth …

  1. NoneSuch
    Stop

    Enough.

    Which just goes to show, the more they protest, the less it means.

    Any "official" or Dept. of Commerce export approved crypto can be broken behind the scenes. I've long been suspicious of AES256 since the DES decryption debacle when an academic broke it with a custom piece of kit. If computing power (and a deliberately flawed algorithm) is all it takes the NSA has more than enough servers and mathematicians.

    OpenSSL has a series of flaws and HTTPS must also be treated as suspect. SHA-1 has issues and these are the ones we know about. If this inheriant weakness is ever exploited no one can have any confidence in the financial system until a true, dependable, Open Source, and uncrackable crypto system is in place. We're talking total meltdown if the bad guys find a way in.

    Crypto standards are being designed, by the Americans, to be flawed out of the gate. That needs to stop.

    We need a tinfoil hat icon.

    1. Anonymous Coward
    2. Marketing Hack Silver badge
      Black Helicopters

      Re: Enough.

      @Nonesuch

      Why settle for a tinfoil hat, when you can have your own Montana mountain bunker complex, presumably with off-grid power, several years of delicious freeze-dried foodstores, nuclear/biochemical hardening and his-and-hers gun closets! Neon "trespassers will be shot" signs are extra.

      (See enclosed icon)

      1. Anonymous Coward
        Anonymous Coward

        Re: Enough.

        @"Why settle for a tinfoil hat,"

        You are trying to dismiss his comment as crazy, yet you didn't address its substance.

        This *IS* a law enforcement supply company. It ALREADY had a contract since 2013 with the FBI. FBI only (at the last minute just before it was due to lose) called a hearing to say it could after all crack the phone.

        FBI was set to lose the case, which would have set a precedent they didn't want and suddenly announce they can hack it using a company they've used since 2013.

        The judge should call a hearing and get the FBI under oath to explain why they FORGOT they had this capability! Because it looks very much like the court has been lied to.

        1. allthecoolshortnamesweretaken Silver badge

          Re: Enough

          "The judge should call a hearing and get the FBI under oath to explain why they FORGOT they had this capability! Because it looks very much like the court has been lied to."

          I'd buy tickets to watch that.

          Looks like someone of the FBI's legal team is a big fan of Steve Martin.

        2. Marketing Hack Silver badge
          Facepalm

          Re: Enough.

          @AC

          I was joking. I pointed out that we already have the equivalent of a tinfoil hat icon.

          Get a grip.

    3. Anonymous Coward
      Anonymous Coward

      Re: Enough.

      > I've long been suspicious of AES256 since the DES decryption debacle when an academic broke it with a custom piece of kit.

      Except that DES has never, not even to this date, had any significant weakness found. The custom piece of kit was doing nothing more than brute-forcing all possible 2^56 keys.

      If that's the only weakness which AES256 has (or even AES128), it's good for the lifetime of the universe. That's not to say there *aren't* weaknesses in AES; just that your argument about DES is at best irrelevant.

      If you want to look at something to worry about, go look at Diffie Hellman: designed in the 1970's and with fixed magic numbers in the modp groups.

      > no one can have any confidence in the financial system until a true, dependable, Open Source, and uncrackable crypto system is in place

      There is no such thing as uncrackable crypto, with the possible exception of one-time-pad and a source of true randomness.

      But we do have crypto which is infeasible to crack given current capabilities. And it *is* Open Source, both its design and many implementations of that design.

      I won't bother repeating the xkcd about the $5 wrench, but it still stands: there are many, many soft spots which are much weaker than the crypto itself. The wetware in front of the keyboard is the biggest one.

      1. NoneSuch

        Re: Enough.

        Improved Davies Attack.

        Google it.

  2. Mark 85 Silver badge

    Interesting to say the least. I wonder if the phone wasn't already broken into and the lawsuit was just a smoke screen for precedent setting? Or... Or.... so many tinfoil hats needed lately.

    1. Marketing Hack Silver badge
      FAIL

      Of course the FBI's effort was a smoke screen or for precedent-setting purposes...

      They thought that if they sounded the terrorism dogwhistle, then everyone would fall into line. However, they didn't count on A) Apple being willing to open its wallet to fight back B) the rest of the tech industry falling into line behind Apple C) the public being largely ambivalent about the FBI's arguments and D) other past and present government officials publicly agreeing that watering down security might not be such a great idea in the current era of major IT security breakdowns.

      1. Doctor Syntax Silver badge

        Re: Of course the FBI's effort was a smoke screen or for precedent-setting purposes...

        As I wrote in another thread, never start a fight you don't know you can win. They thought they were OK & then found out they were starting that fight.

        1. a_yank_lurker Silver badge

          Re: Of course the FBI's effort was a smoke screen or for precedent-setting purposes...

          The ferals thought the terrorism angle would cow everyone into rolling over and giving them an easy win. Obviously, they badly misplayed their hand, which was not that strong to begin with. Many have noted that the ferals had other options including getting out the local donut shops to find out if there was anything remotely useful on the phone. Plus, their own incompetence and bluff was called. Now, they have find a way out that at least sounds plausible.

    2. Anonymous Coward
      Anonymous Coward

      Easy way to find out

      "so many tinfoil hats needed lately."

      1) No need for tinfoil. Call the hearing, FBI goes to court and states how it can magically now crack the phone while previously saying it couldn't.

      2) Call the Israeli (other) company to court to confirm that it ONLY JUST NOW wrote software that could crack it, despite claiming it as a long standing capability of their software.

      3) Hilarity ensues or false statement explained.

      On the face of it an implausible false statement was made to the court, and so that needs to be investigated and closed up.

      To lie to court is perjury even when the FBI does it.

  3. Anonymous Coward
    Anonymous Coward

    Lords and Masters

    They've had to turn to their Masters for help.

    1. MrRimmerSIR!
      Thumb Down

      Re: Lords and Masters

      There's always one...

    2. JCitizen
      Thumb Down

      Re: Lords and Masters

      Pffftt!!! Any tin horn at a Pwn2Own contest could have broken into that phone, The FBI was just on another intimidate the free people push! US LEOs do it all the time. It is getting boring now. Any time you have physical access to a device, you own it! I've read they screwed up when an FBI investigator decided to take the initiative and reset the phone - that makes the cloud drive just about impossible to get into after that! Stupid-stupid-keystone cops!

  4. Thought About IT
    Big Brother

    At last, some good news about Windows phones

    Unless I missed it, Windows Phones didn't appear in the lists of crackable phones on that Cellebrite video. Too good to be true?

    1. Anonymous Coward
      Anonymous Coward

      Re: At last, some good news about Windows phones

      Indeed, wondered the same thing.

      Oh well, as the only two users we should be safe!!!

      1. x 7

        Re: At last, some good news about Windows phones

        "Oh well, as the only two users we should be safe!!!"

        not if you downgrade to Windows 10

        1. EddieD

          Re: At last, some good news about Windows phones

          Nah, it's just that they don't need to crack Windows phones as Microsoft have already given the Feds the keys.

          (ob disclaimer... I have a Windows phone...)

    2. nijam

      Re: At last, some good news about Windows phones

      > Too good to be true?

      Or just security that isn't good enough to need such an expensive toolset to crack?

    3. NoneSuch

      Re: At last, some good news about Windows phones

      NSA had backdoor access to Skype, what makes you think the attitude is any different to Windows Phones?

      http://news.softpedia.com/news/Skype-Provided-Backdoor-Access-to-the-NSA-Before-Microsoft-Takeover-NYT-362384.shtml

  5. Jason Bloomberg Silver badge
    Black Helicopters

    My god; it's full of stars

    I think we can be guaranteed to be told that, once unlocked, the device was crammed full of evidence which will help the fight against terrorism. We won't be told what that evidence is - for national security reasons - but we can be sure it will presented to show that Feds were right to want to crack it open, and Apple endangered America in refusing to assist in that.

    And we'll be told that whether they do unlock it or fail in that effort. There's a reason Israel and America are bestest friends forever.

    1. Anonymous Coward
      Anonymous Coward

      Re: My god; it's full of stars

      There's a reason Israel and America are bestest friends forever.

      Well, to be fair, they ARE very good at crypto and have been for many years.

  6. JeffyPoooh Silver badge
    Pint

    Apple iPhone / iOS Security bods busy filling in a Purchase Requisition...

    Qty: 1

    PN: UFED Touch by Cellebrite.

    Status: Urgent

    NOTE: Order under Acme Enterprises shell company (DON'T MENTION APPLE!!)

    Once they've locked down the next iPhone / iOS, then gosh, Cellebrite is going to have to revise their software to rely on the next vulnerability. That's going to take all week...

  7. Anonymous Coward
    Anonymous Coward

    eh? But i thought

    Jews were against fascists?

    1. This post has been deleted by a moderator

    2. MrRimmerSIR!

      Re: eh? But i thought

      You mean you think all Jews think the same and all Israelis are Jewish. Don't let ignorance get in the way of a good jibe!

  8. Herby Silver badge
    Black Helicopters

    The bigger problem...

    Probably is that it cost the FBI some amount of $$ that they didn't want to pay, and also required an increment of time as well as physical access to the item in question.

    ALL of these were bypassed in the court order fostered upon Apple.

    So, in reality they wanted to do it on the cheap, and with little oversight, which they would need to pay someone to do the dirty deed.

    Yes, the president would be set.

    1. Palpy

      Re: That president thing...

      Yes, I'm sure President-Cum-Dictator Trump would indeed welcome the use of his SturmTrumpers to ride over any and all petty considerations of legality, liberty, and legislative legerdemain.

      But I understand: the demon OttoKorrect changed precedent to president in your post. No worries, your point is valid.

      Just couldn't resist a dig at the USA's current Idiot-In-The-Running.

      I suppose the reasoning was that while they could hire a firm to do the best they could to crack the phone, they might also open up a legal precedent forcing mods to proprietary code. It could then be applied to other companies, including Microsoft, Google, Red Hat, etc.

      Fail.

  9. Doctor Syntax Silver badge

    "Probably is that it cost the FBI some amount of $$ that they didn't want to pay,"

    Don't be silly. Plan A was lawyers. Which do you think would cost more?

  10. DainB Bronze badge

    Happy now ?

    Yes, you, everyone who was objecting to FBI getting access to particular phone with court order.

    Are you all feeling much safer now when you know that there is commercial entity that can unlock any iPhone without court order and that FBI now has access to that toolkit ?

    1. lowwall

      Re: Happy now ?

      They already had access to that toolkit. Did you miss the link to the existing contract?

      Aug 28, 2013 5:15 pm

      The Federal Bureau of Investigation (FBI) intends to award, on a sole-source basis, a fixed price purchase order to Cellebrite USA, Inc. 266 Harristown Rd. Ste 105 Glen Rock, NJ 07452.

      Cellebrite will provide two Cellebrite USA UFED Touch Ultimate Kits (Logical and Physical Mobile Forensic Solution) for use in Forensic casework.

      Market research efforts have indicated that the Cellebrite UFED System is the only hand-held, cellular exploitation device worldwide that requires no PC or associated phone drivers. The system will quickly extract phonebook, pictures, videos, SMS messages, call histories, ESN/IMEI information, and deleted SMS/call histories off the SIM for rapid analysis. Cellebrite supports all major technologies (DMA, CDMA,GSM, IDEN) including, Smartphone operating systems and PDAs (Apple iPhone, Blackberry, Google Android, Microsoft Mobile, Palm and Symbian) for over 95% of all handset models worldwide....

      Given this, it certainly does appear that the FBI was using this as a pretext to gain new powers. I'm no Apple fan, but I'm glad they stood up to the pressure.

      FWIW, I actually do feel better that law enforcement can unlock encrypted devices in cases like this, where a judge on a non-secret court has reviewed the specific request and determined there is a lawful reason for doing so.

      1. JCitizen
        Thumb Up

        Re: Happy now ?

        @Iowwall - EXACTLY!!

    2. Someone_Somewhere

      Re: Happy now ?

      >Are you all feeling much safer now when you know that there is commercial entity that can unlock any iPhone without court order<

      So, what you're saying is that, if you don't know about something, it doesn't exist?

      Don't tell me, let me guess: you're one of those people who've never installed an antivirus/antimalware solution because your systems have never been compromised; never taken an HIV test because you've never had HIV.

      >and that FBI now has access to that toolkit ?<

      Gosh! You mean that the FBI never knew about Cellebrite until now? Or that Cellebrite would never have agreed to work with the FBI until they were certain that someone else /wouldn't/ work with the feds first?

      I've got some natural news for you that I think you might find interesting. I don't know if it's true, because I haven't wasted any time investigating, but (apparently) if we all stopped vaccinating our kids then there'd be no need to vaccinate them in the first place.

    3. Old Handle

      Re: Happy now ?

      Much safer? No. A little safer? Yes. The thing that worried me about the whole thing, is that if they could lean on Apple to help, it could become a routine procedure. "Hey Tim, we've got another cart of phones to unlock." Whereas I'm sure this Israeli forensic company's services don't come cheap, so they're not going to unlock every phone they get off somebody caught with an ounce of weed or whatever.

      I have no problem with them bringing heavy hacking tools and extracting data from the phones of real terrorists like Syed. I just don't want it to be so easy they can do it for no good reason.

  11. Alister Silver badge

    I wonder whether (whatever the actual outcome) the FBI will triumphantly announce their finding of (unspecified) incriminating data on the phone, just to justify their law suit.

    I really can't see them going "ah, well actually there wasn't anything worth having on there, sorry to have bothered you..."

  12. Bloakey1

    Interesting, so the Israeli intelligence people get the data as well

    1. MrRimmerSIR!

      Israeli company =/= Israeli intelligence, same as American company =/= American intelligence etc. etc.

      Do you actually know something, or just making up allegations to suit?

      1. Chris G Silver badge

        MrRimmer; Israel at the geographical centre of current terrism, biz based in Israel hacking info about terrists from a terrist phone. I don't think there is much to think about or question there.

        1. Anonymous Coward
          Anonymous Coward

          Dog or dictionary?

          Terrism? Terrist? You got some kind of dog issue going on?

          1. Fatman Silver badge
            FAIL

            Re: Dog or dictionary?

            <quote>Terrism? Terrist? You got some kind of dog issue going on?</quote>

            No, he is being paranoid, after all, the TLAs like to scour the internet for suspicious activity, and the correct use of the proper term might bring down the jack boots of law enforcement; in a bungled attempt to stave off the next world wide news item.

            1. Solmyr ibn Wali Barad

              Re: Dog or dictionary?

              "the correct use of the proper term might bring down the jack boots of law enforcement"

              That's not surprising. People with good language skills have often been considered a threat for the ruling elite. Pen being mightier than sword and all that.

              Ref: Chinese Cultural Revolution, Soviet Union throughout its existence, various junta-style regimes.

  13. Anonymous Coward
    Anonymous Coward

    There are many ways to crack this nut

    I suppose apple wouldn't consider putting some self-destruct mechanism in the future phones? I mean, somehing that would be triggered by the owner himself (warranty void, etc.) whenever physical access to the guts were to be sought?

    1. Someone_Somewhere

      Re: There are many ways to crack this nut

      Phones made of C4?

      An interesting new approach: the phone is both detonator and bomb - an all-in-one solution!

      I don't know if I'd be up for it myself - what if someone calls me when it's in my pocket?

      1. allthecoolshortnamesweretaken Silver badge

        Re: There are many ways to crack this nut

        "Phones made of C4?"

        Ironically (or maybe not) you could outsource that to israeli specialists too:

        http://www.nytimes.com/1996/01/06/world/palestinian-believed-to-be-bombing-mastermind-is-killed.html

        1. Someone_Somewhere

          Re: There are many ways to crack this nut

          Just goes to show that I was right all along: it doesn't matter how far-fetched/depraved/degenerate/whatever the idea, if you can think of it, someone else was already doing it before your grandparents were born.*

          * I'm allowed a little 'poetic' leeway for technological advancement.

    2. P. Lee Silver badge

      Re: There are many ways to crack this nut

      >something that would be triggered by the owner himself (warranty void, etc.) whenever physical access to the guts were to be sought?

      Or link it to a heart-rate monitor app?

      Whatever the case, Schneier's point has been demonstrated. It is almost impossible to reliably defend against terrorism because each attack is unique. Whether or not there is anything useful on that iphone, no terrorist will forget to wipe their phone before heading into a battle.

      Methinks, however, that the FBI will continue to want the capability which no longer has any relevance to terrorism.

  14. Anonymous Coward
    Anonymous Coward

    " an unnamed third party to crack Farook's locked iPhone "

    So they did hand it over to Abby...

    1. Someone_Somewhere

      Re: So they did hand it over to Abby

      and/or McGeek.

  15. Stevie Silver badge

    Bah!

    Who knows what the real story is in amngst all the smoke and mirrors.

  16. Someone_Somewhere

    Every Time You Make A Typo

    the errorists win!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019