Israeli biz fingered as the FBI's iPhone cracker

Cellebrite refuses to comment but breaking into phones is what it does

An Israeli company has been identified by a newspaper as the "third party" helping the FBI break into a killer's locked iPhone – the phone Apple refused to work with.

Cellebrite is a subsidiary of the Japanese Sun Corporation, is based in Israel, and has offices around the world. It was named by the Israeli newspaper Yedioth Ahronoth as the FBI's partner. The biz and the Feds have refused to deny it but also refused to confirm it, so take this tipoff with a pinch of kosher salt.

Even if Cellebrite isn't helping the Feds in this particular case, it's worth checking out the company's capabilities because it's a good example of the kind of forensics outfit that agents recruit to extract evidence from electronics.

Cellebrite specializes in mobile devices and has developed its own forensics systems to retrieve data from inside handsets, selling those services to the military, intelligence agencies and law enforcement. It also already has a contract with the FBI for breaking into phones, signed in 2013.

The company's main product in this field is called UFED Touch and it advertises it as the "ultimate solution" for accessing mobile phone data.

On its website, it touts its ability to access phones running iOS 8. Although the iPhone 5C in question – which belonged to San Bernardino shooter Syed Farook – is running iOS 9, which was released in September 2015, its data storage encryption is effectively the same in both versions (it was iOS 8 that was significantly different to iOS 7 in terms of data protection).

Here's a video showing how Cellebrite could access a locked device. It typically requires physical access to the hardware to break into it.

Youtube Video

On Monday, the FBI announced it had found an unnamed third party to crack Farook's locked iPhone without the device automatically wiping itself after too many wrong PIN guesses. The reveal was made in a last-minute legal filing in California just one day before the Feds were due in court to argue their case for why Apple should be compelled to develop a weakened version of iOS to let investigators into the phone.

The security industry and the intelligence services have long maintained that it is possible to access the phone using specialized equipment. As a result, the FBI's efforts to force Apple to act are largely seen as an attempt by the federal agency to win a legal precedent, with the emotionally charged San Bernardino shooting serving as a useful background for public support.

For one thing, forensics experts can open the phone, desolder the handset's NAND flash chips, plug them into a chip reader, and copy off the data to keep safe in case the operating system wipes its files after too many wrong PIN guesses. The flash chips are replaced on the circuit board, or some kind of special hardware piggybacks the electronics to emulate the NAND storage, and their contents are updated or restored as necessary during the PIN guessing process. This is known as NAND mirroring.

Alternatively, an unpatched security vulnerability in iOS could be exploited to ultimately unlock the device. There are many ways to crack this nut, and you don't necessarily need Apple's help.

The FBI clearly did not count on the strength of Apple's reaction or its willingness to embark on a big public relations push to argue against its actions. With signs that the FBI may also have been losing the argument within Washington, the sudden announcement it had found a third party to access the phone is seen as a decision by law enforcement to back away from this particular fight rather than risk losing it. ®
