Monday, October 31, 2016

When the FBI Has a Phone It Can’t Crack, It Calls These Israeli Hackers

Earlier this year, at the height of a very public battle between the FBI and Apple over whether the computer maker would help decrypt a mass murderer’s locked iPhone, it appeared that a little-known, 17-year-old Israeli firm named Cellebrite Mobile Synchronization might finally get its moment in the spotlight.


After weeks of insisting that only Apple could help the feds unlock the phone of San Bernardino killer Syed Rizwan Farook, the Justice Department suddenly revealed that a third party had provided a way to get into the device. Speculation swirled around the identity of that party until an Israeli newspaper reported it was Cellebrite. 


It turns out the company was not the third party that helped the FBI. A Cellebrite representative said as much during a panel discussion at a high-tech crimes conference in Minnesota this past April, according to a conference attendee who spoke with The Intercept. And sources who spoke with the Washington Post earlier this year also ruled out Cellebrite’s involvement, though Yossi Carmil, one of Cellebrite’s CEOs, declined to comment on the matter when asked by The Intercept.


But the attention around the false report obscured a bigger, more interesting truth: Cellebrite’s researchers have become, over the last decade, the FBI’s go-to hackers for mobile forensics. Many other federal agencies also rely on the company’s expertise to get into mobile devices. Cellebrite has contracts with the FBI going back to 2009, according to federal procurement records, but also with the Drug Enforcement Administration, the Secret Service, and DHS’s Customs and Border Protection. U.S. state and local law enforcement agencies use Cellebrite’s researchers and tools as well, as does the U.S. military, to extract data from phones seized from suspected terrorists and others in battle zones.


The company is poised to seize a prominent and somewhat ominous place in the public imagination; just as Apple has come to be seen as a warrior for digital protection and privacy against overreaching government surveillance, Cellebrite is emerging as its law-and-order counterpart, endeavoring to build tools to break through the barriers Apple and other phone makers erect to protect data.


“Vendors … are implementing more and more security features into their product, and that’s definitely challenging for us,” says  Shahar Tal, director of research at Cellebrite. “But we’ve solved these challenges before [and] we continue to solve these challenges today.”


In July, months after the unknown third party provided the FBI with a method for getting into the San Bernardino phone — an iPhone 5C running iOS 9 — Cellebrite announced that it had developed its own technique for bypassing the phone’s password/encryption lock. And the company is confident that it will be able to deal successfully with future security changes Apple may make to its phones in the wake of the San Bernardino case.


Read More...

No comments:

Post a Comment