Israel's Cellebrite Revealed As Company Helping FBI Hack iPhone Encryption

Tyler Durden's picture

In the aftermath of the FBI's surprising request on Monday to postpone a hearing in its legal crusade to unlock Apple cellphones, many wondered who it was that had succeeded in penetrating the supposedly unhackable smartphone. Earlier today Reuters provided the answer: the FBI's effort is being assisted by Israel's Cellebrite, a provider of mobile forensic software, which is now helping the Feds in their attempt to unlock an iPhone used by one of the San Bernardino, California shooters, the Yedioth Ahronoth newspaper reported on Wednesday.

If Cellebrite succeeds, then the FBI will no longer need the help of Apple Inc, the Israeli daily said, citing unnamed industry sources. It will also mean that the entire Apple "stand" for privacy and consumer rights was one big theatrical spectacle as both parties involved clearly were aware the iPhone can be penetrated with the right tools. Aptly enough, said tools have been found in Israel.

Cellebrite officials declined to comment on the matter.

Cellebrite, a subsidiary of Japan's Sun Corp, has its revenue split between two businesses: a forensics system used by law enforcement, military and intelligence that retrieves data hidden inside mobile devices and technology for mobile retailers.

For those who are not familiar with the story, Apple is engaged in a legal battle with the U.S. Justice Department over a judge's order that it write new software to disable passcode protection on the iPhone used by the shooter.

The two sides were set to face off in court on Tuesday, but on Monday a federal judge agreed to the government's request to postpone the hearing after U.S. prosecutors said a "third party" had presented a possible method for opening an encrypted iPhone.

The development could bring an abrupt end to the high-stakes legal showdown which has become a lightning rod for a broader debate on data privacy in the United States, coincidentally right after Apple's latest big product announcement which was for all intents and purposes, a major dud. 

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
TeamDepends's picture

But it's for the Zio children!

BullyBearish's picture

D A D....Distrust ALL Digital

PT's picture

There they are hacking phones ... and here I am seriously considering giving up both phones and computers because I have lost ALL control of them.  I can't properly examine what my computer downloads.  Battling to get rid of bloat and crap.  Years ago I won some spectacular battles but I devastatingly lost the war.  My computer is not my computer.  It sucks being out-of-date.

Tasty Sandwich's picture

I'm trying to switch over to Linux Mint, but I basically learned Windows by using it for the past twenty years; so, it's not easy.

If you don't deliberately prevent it, through the group policy or registry, Windows 7 and Windows 8 will automatically upgrade to Windows 10.  Microsoft is hell-bent on switching everyone over.

roddy6667's picture

I have been using Linux, mostly LinuxMint for over 8 years. There's nothing to learn. Burn the LIVE CD, run it, and click on "install". You never need the command line. Don't listen to the old school Linux geeks in their mom's basement. It does not come loaded with Malware and advertising like a new Windows computer. All the software you need is in the CD or just use Synaptic Package Manager in the Administration section. It's like a library. Look up what you want and click on it. It downloads and installs itself. It has all been certified by the Linux gods.

Nobody bothers to write viruses and malware for Linux because it is such a small part of the market. China has made all their government, schools, and military switch to Linux because Windows is so compromised.

flowlessflow's picture

"China has made all their government, schools, and military..."

Sounds like an good incentive for someone to write malware......

Manthong's picture

 

Well, so much for that encryption technique.

 

J S Bach's picture

This is absurd. Those innocent holocaustians would never do such an underhanded thing.

PT's picture

I want the source code, the memory map and the firmware guide.  I don't trust anyone and I don't see why I should have to.

(These days I don't trust hardware either.  I guess there are a few tests I could do to verify.  Maybe.  Oh well, ... looks like I need a bigger rock to live under.

z530's picture

If you're tech savvy and are worried about your security, go with OpenBSD.

Winston Smith 2009's picture

"Nobody bothers to write viruses and malware for Linux because it is such a small part of the market."

Hacker explains how he put "backdoor" in hundreds of Linux Mint downloads

http://www.zdnet.com/article/hacker-hundreds-were-tricked-into-installin...

PT's picture

I thought the joy of Linux was that you could view the source and change it yourself (if you are a programmer, of course).  Some one puts in a hack?  Just take it out again.  Write your own net-viewing software.  Then you don't need updates.  You don't need Anti-virus software.  You can write your own ad-blocking software.  And now you know why it is trendy to be stupid.  Now you understand that the net is less than a shadow of what it could have been.  If you're happy being stupid while others exploit your ignorance, ... you get the net in its current form ...

Winston Smith 2009's picture

For the vast majority of people, you download an entire executable build, typically as an ISO. If you want to go through the entire huge source code to find a back door that is most likely hidden, then compile the source code yourself, have at it. You would be in the vast minority, especially with the type of distribution (release) he's talking about. OPEN source code actually makes it much, MUCH easier to insert malware but, fortunately, it also makes it easier to eventually catch.

PT's picture

Figuratively speaking, the enemy already has lots of guns and ammo.  I just want my share of guns and ammo.  If the enemy gets even more guns and ammo, so be it.  What's he gonna do -  shoot me a hundred times instead of ninety?  At least I won't have nothing.

You can read all the source code.  Or you can write code that looks for certain commands ... there are many tricks for looking for Malware, and other tricks that neutralize Malware.  It starts with an opcode chart and a firmware guide.

Stan522's picture

My computer (Windows 7) has been trying to update to "10" since it was first "automatically" downloaded in wait on my PC.... I've prevented it EVERY TIME, but it's not easy. Remain vigilant......!

More Ammo's picture

Here is the registry hack to stop the notifications and the upgrade.

save the txt to a .reg file and run it.

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DisableOSUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\GWX]
"DisableGWX"=dword:00000001

 

HughBriss's picture

Nice!  You can also uninstall a few windows updates and accomplish the same feat: KB3035583 and KB2952664.  Of course, those updates then need to be hidden or else they will reinstall themselves, thus negating one's attempts at removing them...

More detail here

FixItAgainTony's picture

That is helpful but makes for a false sense of security, MS controls the OS in totality and can nullify all these fixes by changing the policies preventing Win10 forced upgrade.  This is mainly accomplished through their remotely updating WGA via the small-print EULA they make you agree to.  Sadly your best bet is configuring your router host file to block all MS domains and risk going without the patches.  Note:  I use most free and commercial OSs and can't pick favorites.

PrezTrump's picture

LMAO

please give me moar beatings!!

I love it microsoft! I SAY MOAR!

malek's picture

Exactly,
and those Registry entries are described at Microsoft Knowledge Base article https://support.microsoft.com/en-us/kb/3080351

gcjohns1971's picture

roddy6667 is right.

The exact flavor of Linux doesn't really matter, much.  I am one of the "Linux Geeks" predesessors being a 'Unix Geek'.   Our Mom's live in our basements or other housing we provide...God Bless those of 'em who are still around. 

No you don't HAVE to learn the GNU command line tools.

But if you do you will have TOTAL control over most versions of Unix, to include the Linux variant (Linux being the Unix variant that is derived from and approved by Linus Torvald).  They're referred to as 'Nixes (U-nix, Lin-ux, etc).

With that said, I also use Windows, because of the wide availability of software that can be installed conveniently.  I just understand that anything I put on it is going to be open to the world.   I think of Windows as a front porch, where everything can be seen from the street.

You must understand that there is no such thing as a secure operating system.   Linux is not 'More Secure' than Windows.  But two very, very important caveats apply. 

The FIRST caveat is that SOME versions of Linux and Unix don't have a corporate sponsor.  That means no corporate sponsor is harvesting your data.  But it also means that there is no corporate sponsor taking on the burden of replacing old versions of applications with known vulnerabilities with new versions that don't have known vulnerabilities. 

The SECOND caveat is that while all OS's are fundamentally equally insecure... Microsoft controls the secure-ability of Windows, while YOU control the secure-ability of Linux/Unix.   That, too, is a two edged sword.  You can finely tailor your risk profile on Unix/Linux IF YOU KNOW HOW.  On Windows, you are limited by the tools Microsoft gives you, and those tools were SPECIFICALLY DESIGNED to PREVENT you from doing anything that Microsoft believes to be a mistake.  And no Microsoft administrative tool gives you anywhere even close to the level of control you can have on Unix/Linux.   Of course...that unlimited administrative control also means you have unlimited ability to mess things up too.

Remember THIS:

-The most secure computer is one that doesn't work.

-The second most secure computer is one that has no network connections at all.

-The third most secure computer is one that has had all software except those few that are absolutely necessary disabled....  Virtually EVERYTHING you are used to 'using' on the computer is not necessary for the computer.  It is necessary for YOU to do things easily.  There's a difference, because your needs and the computer's operational needs are different...and often in counter-poise.

If I wanted to BALANCE some of the relevant securities I would make a headless unix or linux server, then load a virtualization server software such as Virtual Box, and then load whatever OS I liked using as a Virtual Machine...but with all the user storage shared from the VM server, and under its exclusive control, encrypted, and requiring multi-factor authentication to access that is discreet from the Guest VM's logon authentication.  It makes it a bit harder to save data.  But it makes the data saved much more secure.  

That kind of a setup is in a whole different league of difficulty to create and maintain than what 99.9% of people are willing or able to do.

Or you could just resign yourself to being digitally insecure, and leave anything you don't want taken off of your digital devices.

HughBriss's picture

Excellent read.  Thank-you!

 

 

+1 

PrezTrump's picture

Switching to linux? LMAO

Why not just shoot yourself now?

Don't get me wrong, its better than what microshit makes.  But its simply not for general desktop use.

Get a mac and get on with your life.

Dave Thomas's picture

LOL OSX is a ripoff of BSD Eunichs, go Jobs go!

poeg's picture

NetBSD, FreeBSD and a bit of NEXT so Jobs did have some original content amidst all that open source goodness.

malek's picture

You mean take a Unix-based OS that is messed up in the same "easy to use above everything" way as Windows?

oncemore's picture

I am with Linux since 1995 & I would have troubles with MS spyware.

But I am not aware of any application, which would force me to use MS$spyware.

Well I am a little bit more, then a simple user.

 

AND: Iphone is a computer; if I have a computer in my hands (means physical access to the device) there is nothing, what would prevent me to hack it.  Be it Unix, WIndows, or anything else. ( a security warning from the good old school of Digital Equipment Corp. sysadmin.)

fallout11's picture

So true. From another old greybeard, if you have physical access to the box, you can always crack it, it is only a matter of time.

ToSoft4Truth's picture

You need Windows 10.  Go ahead, free upgrade.  Put your mind at ease.

 

 

PT's picture

No.  You need Win11.  No, Win12, no Win 13 ... and don't forget the updates and the AV ...

Just leave the damn thing turned on 24/7 so it can continously download ads and updates.  Get an old computer from the '80s if you actually want to do any work.

Damn shame, I like the modern processors, clock speeds, GPUs and memory.  Damn shame I have so little access to them ...

CPL's picture

The government doesn't hack phones.  They are honouring the EULA on the device you agreed to thanks to SOPA, PIPA and about a dozen other laws no one fussed too much about when they happened.  So it's not breaking into a phone, it's the lack of participation in the legal system by the populations of first world nations.  By the lack of participation everyone granted the permission to allow it to happen.

However if you want to close that door.  Just disable TPM, that's the big back door.  You'll find it under windows services.  In Linux you have to do a modprobe for the driver first then disable it.  For Mac's the entire platform is built to market crap and spy on their users therefore it cannot be disabled without severely effecting the OS and all the junk they've built on the platform.  ( Can always install linux on them.  They are just overpriced, unconfigurable, under powered laptops running FreeBSD with a different UI anyways.)

More Ammo's picture

CPL, this will only work until Tivoization is fully realized...

 

Tivoization /?ti?vo???ze???n/ is the creation of a system that incorporates software under the terms of a copyleft software license (like the GPL), but uses hardware restrictions to prevent users from running modified versions of the software on that hardware.

https://en.wikipedia.org/wiki/Tivoization
CPL's picture

Hence all the jailbreaking and the popularity of andriod ROMs to replace vendor/service provider software on consumer goods.  People are always going to hack stuff they buy.  Doesn't matter if it's a Tivo, or an xBox or the most popular form of hacking.  Performance modifications for Cars, Bikes and Trucks.  They are usually called Mechanics but if someone is slipping in a new dual exhaust system, or a tuner chip, or replacing the air intake, or putting spinners on.  All that rice rocket tech is still hacking the original product beyond it's original 'version'.

Usually with cool looking results.

 

monk27's picture

...here I am seriously considering giving up both phones and computers because I have lost ALL control of them

That's because you don't know how to use these tools properly. A computer's main use is to surf for porn. A cell's main use is to pick-up hookers, when out of town. That's it, nothing more. And whatever you do, make sure you don't "upgrade" beyond Windows 7 !

Dave Thomas's picture

Where are all these open source phones that were supposed to hit the market? Remember that FIC Phone? IMHO Android isn't open source, sure they have forks like Cyanogenmod and such, but take a look at the network stack when the phone is sitting idle. There are about 15~30 connections back to google at any one time. God knows what kind of data it's relaying back to the mothership. Until the end user has complete control on what data is sent to and from the device there is no such thing as privacy.

oncemore's picture

Should I trust Alphabet, then statistics only. hahahaha.

CPL's picture

They are on other continents.  Where things are happening interms of any type of technology progress is anywhere where commoditization hasn't taken place.

Normalcy Bias's picture

Isn't Isreal already receiving wholesale info on Americans from fedgov?

roddy6667's picture

Irving can get it for you wholesale.

junction's picture

Any evidence on the iPhone linking the Mossad to the San Bernardino attack will now really be scrubbed clean.

rubiconsolutions's picture

Maybe the FBI and Israeli's can collaborate and finally figure out what happened to the USS Liberty in 1967. 

begintowin's picture

We already know what happened on Thursday, June 8, 1967.

1. Thirty-four American sailors and Marines were deliberately murdered by the Israeli military and the ship was nearly sunk.

2. The traitorous Lyndon Johnson, President of the United States, ordered the U.S. Navy Board of Inquiry to whitewash the entire attack and forbade the surviving and wounded crew to speak about it.

3. On that day it should have been clear to the American people their government in Washington had been taken over by a foreign State to undermine the republic and commit acts that endangered the national security of America.

The USA is lost and no presidential candidate can restore her greatness because the citizenry are too brainwashed by government entitlements and distracted by the "foofooism" of social media.

Rebel yell's picture

Yes. The USS Liberty and our liberties as a nation went down with it!

Rebel yell's picture

I wonder how Obama feels knowing that Netanyahu beat him at his own game?! An eye for an eye, a spy for a spy.

holgerdanske's picture

How fitting. Is there a hell for jews? just asking.

More Ammo's picture

They will all go to hell according to the new covenant...

mkhs's picture

Sure.  It is like a rib-joint where they serve pork ribs at half price. It is a bargain, but forbidden.  Oy vey.

Kirk2NCC1701's picture

Good to know that all the Billions the US Taxpayer is sending to "poor Israel" is being put to good use.