FBI Hires Cellebrite To Crack San Bernadino iPhone (reuters.com)

← Back to Stories (view on slashdot.org)

FBI Hires Cellebrite To Crack San Bernadino iPhone (reuters.com)

Posted by BeauHD on Wednesday March 23, 2016 @08:54AM from the who-needs-Apple-anyway dept.

tlhIngan writes: Earlier this week, the FBI asked the court for a continuance so it could do some research into a proposed method of cracking the [iPhone belonging to one of the San Bernardino, California shooters]. It turns out the FBI has contracted Cellebrite for $15,000 to break into the phone. Cellebrite is an Israeli software provider specializing in mobile phone forensics software. If they succeed, it would mean Apple would no longer need to be involved.

41 of 237 comments (clear)

Min score:

Reason:

Sort:

apple can pull some DCMA BS and sue them by Joe_Dragon · 2016-03-23 08:55 · Score: 5, Funny

apple can pull some DCMA BS and sue them. Now will they be that much of a dick?
1. Re:apple can pull some DCMA BS and sue them by Lumpy · 2016-03-23 09:18 · Score: 5, Interesting
  
  I for one hope so. The DMCA is a piece of shit legislation, and if apple uses it it will be the only time it is used properly. to poke a stick in the eye of government goons.
  
  --
  Do not look at laser with remaining good eye.
2. Re:apple can pull some DCMA BS and sue them by silas_moeckel · 2016-03-23 09:26 · Score: 3, Informative
  
  Have fun with that. THEM Hey FBI can ya get me a court order to do this? FBI Sure here ya go. The judge said I could is a rather good defence for a civil issue.
  
  --
  No sir I dont like it.
3. Re:apple can pull some DCMA BS and sue them by shawn2772 · 2016-03-23 09:33 · Score: 2
  
  apple can pull some DCMA BS and sue them.
  You think? The DMCA does try to ban circumvention of security measures that are used to protect copyright, but I don't think that's the case here. The DMCA doesn't ban general breaking of security.
4. Re:apple can pull some DCMA BS and sue them by Sneftel · 2016-03-23 10:03 · Score: 4, Informative
  
  Cute, but no. Sayeth the DMCA:
  
  Law Enforcement, Intelligence, and Other Government
  Activities.--This section does not prohibit any lawfully authorized
  investigative, protective, information security, or intelligence
  activity of an officer, agent, or employee of the United States, a
  State, or a political subdivision of a State, or a person acting
  pursuant to a contract with the United States, a State, or a political
  subdivision of a State..
  
  --
  The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
5. Re:apple can pull some DCMA BS and sue them by Sneftel · 2016-03-23 10:06 · Score: 5, Informative
  
  Cute, but no. Sayeth the DMCA:
  
  Law Enforcement, Intelligence, and Other Government
  Activities.--This section does not prohibit any lawfully authorized
  investigative, protective, information security, or intelligence
  activity of an officer, agent, or employee of the United States, a
  State, or a political subdivision of a State, or a person acting
  pursuant to a contract with the United States, a State, or a political
  subdivision of a State..
  
  --
  The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
6. Re: apple can pull some DCMA BS and sue them by lgw · 2016-03-23 10:21 · Score: 5, Insightful
  
  Neither side requires burden of proof at the beginning.
  The "conversation" goes like this:
  Content owner: "this looks like ours, service please take it down" /takes it down
  Uploader: "no, this is mine. YouTube , please put it back up" /restores content.
  Sadly, the conversation actually goes like this:
  Content owner's bot: "this looks like ours, YouTube please take it down"
  YouTube bot: takes it down
  YouTube bot: all revenue from your channel now goes to Content owner
  YouTube bot: copyright strike against you, you can't upload a video over 15 minutes
  Uploader: "no, this is mine. YouTube, please put it back up"
  Uploader, a week later: "Heloooo! YouTube?! Is there anyone there?! I filled out all your forms, but nothing happened"
  Uploader, a month later: "Do any actual humans work at Google? "
  Uploader eventually dies of old age
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
7. Re:apple can pull some DCMA BS and sue them by mark-t · 2016-03-23 10:26 · Score: 3, Informative
  
  It wouldn't matter, 17 U.S. Code S 1201 SS e covers that:
  
  This section does not prohibit any lawfully authorized investigative, protective, information security, or intelligence activity of an officer, agent, or employee of the United States, a State, or a political subdivision of a State, or a person acting pursuant to a contract with the United States, a State, or a political subdivision of a State.
  
  --
  File under 'M' for 'Manic ranting'
8. Re:apple can pull some DCMA BS and sue them by MobyDisk · 2016-03-23 10:41 · Score: 3, Insightful
  
  The judge can't compel you to do something illegal. Neither can a police officer.
9. Re:apple can pull some DCMA BS and sue them by Etcetera · 2016-03-23 10:58 · Score: 5, Insightful
  
  The judge can't compel you to do something illegal. Neither can a police officer.
  That's begging the question slightly. "Following the directions of a peace officer" in an emergency is on the rulebooks in most states. This is why a cop can flip traffic around and tell you to go the wrong way down a one-way street because there's an accident in an intersection, despite the presence of a marked "One way" sign, which is usually what wrong-way laws are keyed off.
  Don't confuse "illegal" with "unsafe" or "unreasonable"... The latter standards apply more broadly.
  
  --
  Hire a Linux system administrator, systems engineer,
10. Re: apple can pull some DCMA BS and sue them by easyTree · 2016-03-23 11:04 · Score: 2
  
  No. That's only true if the uploader isn't a multinational corporation.
  
  --
  Requiem for the American Dream
11. Re:apple can pull some DCMA BS and sue them by silas_moeckel · 2016-03-23 11:04 · Score: 2
  
  DCMA would be civil a judges order for a criminal case provides pretty good cover. As far as criminal the state can grant you immunity.
  
  --
  No sir I dont like it.
12. Re:apple can pull some DCMA BS and sue them by niftymitch · 2016-03-23 12:05 · Score: 2
  
  DCMA...
  Not as interesting solution as patching the vulnerability shortly
  after this phone gets hacked.
  It appears to me that as an Israeli company they are far enough from US law
  that they could be a vent for a secret NSA/CIA method and secret. They are
  also far enough to make it hard for a US court to compel them to act.
  The $15,000 price tag seems low for anything involving software.
  Might be OK for a hardware hack that begins with a slurp of the
  data from the RAM. As a qualified forensic service, data retention seems to
  be a necessary first step.
  For the US DOJ an Israeli company is close to a friendly safe harbor as
  there might be out there. It may also be a safe outlet for Apple and
  the business of other legally compelled services. They could deny further
  requests on older hardware because a service company has surfaced.
  i.e. We charge $150,000.00 per device and did you know that another $15,000.00
  service exists.
  Win Win.... for now.
  
  --
  Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
Thereby ... by Krishnoid · 2016-03-23 08:57 · Score: 2

Stimulating the global economy. Win-win!
1. Re:Thereby ... by FatdogHaiku · 2016-03-23 09:31 · Score: 2
  
  I can never find that thing...
  Wait, Stimulating What?
  
  --
  You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
Israel by Anonymous Coward · 2016-03-23 08:58 · Score: 2, Interesting

How is it that tiny little war torn Israel always seems to have the latest in technology that we can't seem to get here in America?
1. Re:Israel by Anonymous Coward · 2016-03-23 09:01 · Score: 4, Funny
  
  Because to live there you can't be a fucking pussy.
2. Re:Israel by Grishnakh · 2016-03-23 09:19 · Score: 4, Insightful
  
  No, actually they don't. You don't see commercial airliners (or military planes for that matter), ships, cars (including EVs), appliances ("durable goods"), semiconductors, mobile phones, or really almost any kind of manufacturing in Israel, except a couple of firearms makers maybe. They do do a lot with IP however; several semiconductor companies have design centers there.
  It's true, Israel does have some impressive and unique technologies developed there, compared to its size and its state of security. A lot of their technology is military-oriented, for obvious reasons. They've done an impressive job of building a 1st-world nation (economically speaking) in a small place which used to be nothing special less than a century ago. But "the latest in technology"? No, sorry. They are not self-sufficient in any sense. They can't even make many of the weapons systems that defend them; they buy them from the US (e.g. fighter jets).
3. Re:Israel by sixsixtysix · 2016-03-23 09:59 · Score: 4, Insightful
  
  because we give them billions every year?
  
  --
  ...
4. Re:Israel by Quzak · 2016-03-23 10:32 · Score: 3, Insightful
  
  Because of all the money the US gives to them...you know...instead of upkeep on our infrastructure.
  
  --
  Support your local school shooter, give them your firearms.
5. Re:Israel by serbanp · 2016-03-23 12:49 · Score: 4, Informative
  
  You don't see commercial airliners (or military planes for that matter), ships, cars (including EVs), appliances ("durable goods"), semiconductors, mobile phones, or really almost any kind of manufacturing in Israel
  That's factually not true. TowerJazz (a top-ten pure-play manufacturer) has two modern fabs in Israel and the almighty #1 (intel) has two more in that country.
FBI may be required to share hack with Apple by JoeyRox · 2016-03-23 08:58 · Score: 4, Interesting

The irony is sweet with this one:

http://www.bloomberg.com/news/...
1. Re:FBI may be required to share hack with Apple by Anonymous Coward · 2016-03-23 09:13 · Score: 5, Funny
  
  Hello Apple, as required by law, we inform you that we have discovered a security leak in your product. Full disclosure follows.
  In order to reproduce the problem:
  1. call Cellebrite
  2. pay $15,000.-
  3. Handover phone to Cellebrite
  4. receive USB stick with all data.
  regards, the FBI
2. Re:FBI may be required to share hack with Apple by cant_get_a_good_nick · 2016-03-23 09:22 · Score: 4, Informative
  
  The legend is that they're copying off the NAND area. Basically, you can then brute force the phone as often as you want.
  You have 9 bad attempts. Then before you try the tenth, you copy the NAND back from before, in effect you reset the counter to 0. And you keep banging away.
  This won't work with newer phones with a Secure Element.
  So, there's no hack to share. Apple has already designed around this particular exploit.
3. Re:FBI may be required to share hack with Apple by Sax+Russell+5449D29A · 2016-03-23 09:58 · Score: 2
  
  That reminded me of a similar hack I read about a couple of years ago (and holy shit was it hard to find this again). It's about going around the 5 attempt limit per power cycle that exists in Opal compliant ATA password implementations.
  
  --
  -SR
Only $15,278.02? by bsDaemon · 2016-03-23 09:00 · Score: 2

There must not be too much secret sauce involved if they're going to do it that cheaply.
While that listing shows that they have bought SOMETHING from Cellbrite, I think I'd like to see a little more evidence before I'm convinced that this shows they hired Cellbrite to hack the San Bernardino iPhone. https://www.fpds.gov/ezsearch/... shows that the Secret Service bought $781k worth of something from them on the 10th of March.
A single FPDS entry doesn't really mean anything.
1. Re:Only $15,278.02? by DaHat · 2016-03-23 09:07 · Score: 5, Informative
  
  Devices like this have been around for a bit and is one possibility: http://blog.mdsec.co.uk/2015/0...
  
  --
  Help Brendan pay off his student loans
2. Re:Only $15,278.02? by shawn2772 · 2016-03-23 09:34 · Score: 2
  
  Devices like this have been around for a bit and is one possibility: http://blog.mdsec.co.uk/2015/0...
  I believe the weakness that made that device possible was fixed in iOS 9, so it wouldn't be useful.
$15,000 by wisnoskij · 2016-03-23 09:00 · Score: 2, Insightful

Wow, they should of asked for more. They would of had to pay 10 times, at least, that in any sort of legal battle.

--
Troll is not a replacement for I disagree.
1. Re:$15,000 by TechyImmigrant · 2016-03-23 09:06 · Score: 2
  
  A reusable capability would cost more. Cracking one phone without revealing the methods for $15k would be marketing.
  
  --
  I should use this sig to advertise my book ISBN-13 : 978-1501515132.
2. Re:$15,000 by Thelasko · 2016-03-23 09:19 · Score: 4, Insightful
  
  Wow, they should of asked for more. They would of had to pay 10 times, at least, that in any sort of legal battle.
  Cellebrite will likely reap 100 times that much in new business from the publicity this generates. It's not always about making a quick buck, but about making millions of bucks over the longer term.
  
  --
  One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
Only $15,000???? by gurps_npc · 2016-03-23 09:10 · Score: 5, Insightful

All that bullshit because the FBI wanted to save $15 thousand dollars?
Someone should be fired for such a dramatically bad decision as fighting it out in the court of public opinion, let alone federal court.

--
excitingthingstodo.blogspot.com
1. Re:Only $15,000???? by PCM2 · 2016-03-23 09:18 · Score: 4, Insightful
  
  All that bullshit because the FBI wanted to save $15 thousand dollars?
  On the other hand, $15,000 is pretty damn cheap for a global marketing campaign. When Cellebrite can't crack the iPhone, the bullshit will get cranked up to fever pitch.
  
  --
  Breakfast served all day!
2. Re:Only $15,000???? by cant_get_a_good_nick · 2016-03-23 09:34 · Score: 5, Insightful
  
  No.
  the FBI wanted to save 15,000 x A_LOT_OF_PHONES. Also, if the exploit is the NAND copy exploit as thought, newer phones can't be hacked this way, 15,000 or no.
  They wanted to set a precedent. There's ton of iPhones out there waiting to be cracked. Remember these are the guys that run Stingrays without telling you.
  As far as the Public Opinion goes, they just guessed wrong. Here's a phone, probably with nothing useful on it. But TERRORISM!!! MUSLIMS!!!! We still have some aspects of the P.AT.R.I.O.T. A.C.T (i write it that way because the back-ronym was silly) around because we were scared then. They thought that Apple would fold, and the public would all support the hack. They guessed wrong.
3. Re:Only $15,000???? by bloodstar · 2016-03-23 09:46 · Score: 4, Insightful
  
  No, the $15K is to justify dropping the case by rending the whole situation moot and save the FBI from having a court decision against them. A court decision against them would resonate for years, so you drop the case, avoid that precedent. Then pick a different case against a company who doesn't have great lawyers. Win that case, and there you go, precedent that favors you.
  
  --
  "The bass, the rock, the mic, the treble. I like my coffee black, just like my metal" - Mindless Self Indulgence
Outsourced espionage of citizens, treason? by Pitawg · 2016-03-23 09:11 · Score: 2, Interesting

Sounds illegal in both national and international levels, but I am still waiting for the encryption ban after this.
Imagine every LEO calling a mumble "Encryption" or "Code". Everything not understood must be encrypted. Remember the gang signs lockup for waving? Any files on your phone must be plain, and in all languages or it must be hidden messages. New tools for racists or classist members of LE or Government.
Re:Chain of custody? by Lumpy · 2016-03-23 09:20 · Score: 4, Insightful

Chain of custody does not matter in regards to TERRORISM.... and if you are against that then you hate america.

--
Do not look at laser with remaining good eye.
Re:Chain of custody? by Registered+Coward+v2 · 2016-03-23 09:26 · Score: 5, Insightful

How do you maintain chain of custody of the evidence if you hand it over to a company that's not governed by our laws?
If the Israeli company recovers data that gives them leads to other suspected terrorists, does the FBI have legal authority to pursue those leads when the information was "extracted" by a foreign company and it may or may not be fabricated? The only proof that they have that the information was really on the phone is because this company said so.
There is no need for maintaining a chain of custody unless it will be used as evidence. Since anything from this phone would most likely be used to identify potential suspects or persons of interest what they get is no different than any other tip.

--
I'm a consultant - I convert gibberish into cash-flow.
Re:Chain of custody? by shawn2772 · 2016-03-23 09:40 · Score: 4, Informative

How do you maintain chain of custody of the evidence if you hand it over to a company that's not governed by our laws?
That's not a problem, for at least two reasons.
First, chain of custody doesn't matter unless you want to use the information recovered as evidence in a trial. If you just use it to generate leads which you then use to find other suspects and evidence, then it's irrelevant if chain of custody was maintained.
Second, chain of custody is easy to maintain. Location and nationality don't affect chain of custody. What matters is that you have a documented chain and can prove that custody was maintained and access was controlled at each step. Worst case is that employees of the Israeli company may have to fly to the US and testify in court to substantiate the chain of custody, and to explain how they extracted the information. I'm sure the company would be happy to do that if the FBI paid them to (which would be an additional fee).
Re:Illegal! by J053 · 2016-03-23 10:39 · Score: 2

Not when the relevant law (DMCA in this case) explicitly says it does not apply to law enforcement or intelligence agencies. The law doesn't mean just what you want it to mean, it means what it actually says.
Torrent in 1003, 1002, 1001... by CanEHdian · 2016-03-23 13:21 · Score: 2

Cellebrite.iPhorensics.Suite.Government.and.Law.Enforcement.Edition.x64.v1.02.incl.Keygen.-.CoRE
Now every kiddie can haXX0r da iPhonez

--
When the copyright term is "forever minus a day", live every day like it's the last.