Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Hires Cellebrite To Crack San Bernadino iPhone (reuters.com)

Posted by BeauHD on from the who-needs-Apple-anyway dept.

tlhIngan writes: Earlier this week, the FBI asked the court for a continuance so it could do some research into a proposed method of cracking the [iPhone belonging to one of the San Bernardino, California shooters]. It turns out the FBI has contracted Cellebrite for $15,000 to break into the phone. Cellebrite is an Israeli software provider specializing in mobile phone forensics software. If they succeed, it would mean Apple would no longer need to be involved.

8 of 237 comments (clear)

  1. Re:Only $15,278.02? by DaHat · · Score: 5, Informative

    Devices like this have been around for a bit and is one possibility: http://blog.mdsec.co.uk/2015/0...

    --
    Help Brendan pay off his student loans
  2. Re:FBI may be required to share hack with Apple by cant_get_a_good_nick · · Score: 4, Informative

    The legend is that they're copying off the NAND area. Basically, you can then brute force the phone as often as you want.

    You have 9 bad attempts. Then before you try the tenth, you copy the NAND back from before, in effect you reset the counter to 0. And you keep banging away.

    This won't work with newer phones with a Secure Element.

    So, there's no hack to share. Apple has already designed around this particular exploit.

  3. Re:apple can pull some DCMA BS and sue them by silas_moeckel · · Score: 3, Informative

    Have fun with that. THEM Hey FBI can ya get me a court order to do this? FBI Sure here ya go. The judge said I could is a rather good defence for a civil issue.

    --
    No sir I dont like it.
  4. Re:Chain of custody? by shawn2772 · · Score: 4, Informative

    How do you maintain chain of custody of the evidence if you hand it over to a company that's not governed by our laws?

    That's not a problem, for at least two reasons.

    First, chain of custody doesn't matter unless you want to use the information recovered as evidence in a trial. If you just use it to generate leads which you then use to find other suspects and evidence, then it's irrelevant if chain of custody was maintained.

    Second, chain of custody is easy to maintain. Location and nationality don't affect chain of custody. What matters is that you have a documented chain and can prove that custody was maintained and access was controlled at each step. Worst case is that employees of the Israeli company may have to fly to the US and testify in court to substantiate the chain of custody, and to explain how they extracted the information. I'm sure the company would be happy to do that if the FBI paid them to (which would be an additional fee).

  5. Re:apple can pull some DCMA BS and sue them by Sneftel · · Score: 4, Informative

    Cute, but no. Sayeth the DMCA:

    Law Enforcement, Intelligence, and Other Government
    Activities.--This section does not prohibit any lawfully authorized
    investigative, protective, information security, or intelligence
    activity of an officer, agent, or employee of the United States, a
    State, or a political subdivision of a State, or a person acting
    pursuant to a contract with the United States, a State, or a political
    subdivision of a State..

    --
    The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
  6. Re:apple can pull some DCMA BS and sue them by Sneftel · · Score: 5, Informative

    Cute, but no. Sayeth the DMCA:

    Law Enforcement, Intelligence, and Other Government
    Activities.--This section does not prohibit any lawfully authorized
    investigative, protective, information security, or intelligence
    activity of an officer, agent, or employee of the United States, a
    State, or a political subdivision of a State, or a person acting
    pursuant to a contract with the United States, a State, or a political
    subdivision of a State..

    --
    The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
  7. Re:apple can pull some DCMA BS and sue them by mark-t · · Score: 3, Informative
    It wouldn't matter, 17 U.S. Code S 1201 SS e covers that:

    This section does not prohibit any lawfully authorized investigative, protective, information security, or intelligence activity of an officer, agent, or employee of the United States, a State, or a political subdivision of a State, or a person acting pursuant to a contract with the United States, a State, or a political subdivision of a State.

    --
    File under 'M' for 'Manic ranting'
  8. Re:Israel by serbanp · · Score: 4, Informative

    You don't see commercial airliners (or military planes for that matter), ships, cars (including EVs), appliances ("durable goods"), semiconductors, mobile phones, or really almost any kind of manufacturing in Israel

    That's factually not true. TowerJazz (a top-ten pure-play manufacturer) has two modern fabs in Israel and the almighty #1 (intel) has two more in that country.