Israeli biz fingered as the FBI's iPhone cracker An Israeli company has been identified by a newspaper as the "third party" helping the FBI break into a killer's locked iPhone – the phone Apple refused to work with. Cellebrite is a subsidiary of the Japanese Sun Corporation, is based in Israel, and has offices around the world. It was named by the Israeli newspaper Yedioth …
Which just goes to show, the more they protest, the less it means.
Any "official" or Dept. of Commerce export approved crypto can be broken behind the scenes. I've long been suspicious of AES256 since the DES decryption debacle when an academic broke it with a custom piece of kit. If computing power (and a deliberately flawed algorithm) is all it takes the NSA has more than enough servers and mathematicians.
OpenSSL has a series of flaws and HTTPS must also be treated as suspect. SHA-1 has issues and these are the ones we know about. If this inheriant weakness is ever exploited no one can have any confidence in the financial system until a true, dependable, Open Source, and uncrackable crypto system is in place. We're talking total meltdown if the bad guys find a way in.
Crypto standards are being designed, by the Americans, to be flawed out of the gate. That needs to stop.
We need a tinfoil hat icon.
@Nonesuch
Why settle for a tinfoil hat, when you can have your own Montana mountain bunker complex, presumably with off-grid power, several years of delicious freeze-dried foodstores, nuclear/biochemical hardening and his-and-hers gun closets! Neon "trespassers will be shot" signs are extra.
(See enclosed icon)
@"Why settle for a tinfoil hat,"
You are trying to dismiss his comment as crazy, yet you didn't address its substance.
This *IS* a law enforcement supply company. It ALREADY had a contract since 2013 with the FBI. FBI only (at the last minute just before it was due to lose) called a hearing to say it could after all crack the phone.
FBI was set to lose the case, which would have set a precedent they didn't want and suddenly announce they can hack it using a company they've used since 2013.
The judge should call a hearing and get the FBI under oath to explain why they FORGOT they had this capability! Because it looks very much like the court has been lied to.
"The judge should call a hearing and get the FBI under oath to explain why they FORGOT they had this capability! Because it looks very much like the court has been lied to."
I'd buy tickets to watch that.
Looks like someone of the FBI's legal team is a big fan of Steve Martin.
> I've long been suspicious of AES256 since the DES decryption debacle when an academic broke it with a custom piece of kit.
Except that DES has never, not even to this date, had any significant weakness found. The custom piece of kit was doing nothing more than brute-forcing all possible 2^56 keys.
If that's the only weakness which AES256 has (or even AES128), it's good for the lifetime of the universe. That's not to say there *aren't* weaknesses in AES; just that your argument about DES is at best irrelevant.
If you want to look at something to worry about, go look at Diffie Hellman: designed in the 1970's and with fixed magic numbers in the modp groups.
> no one can have any confidence in the financial system until a true, dependable, Open Source, and uncrackable crypto system is in place
There is no such thing as uncrackable crypto, with the possible exception of one-time-pad and a source of true randomness.
But we do have crypto which is infeasible to crack given current capabilities. And it *is* Open Source, both its design and many implementations of that design.
I won't bother repeating the xkcd about the $5 wrench, but it still stands: there are many, many soft spots which are much weaker than the crypto itself. The wetware in front of the keyboard is the biggest one.
They thought that if they sounded the terrorism dogwhistle, then everyone would fall into line. However, they didn't count on A) Apple being willing to open its wallet to fight back B) the rest of the tech industry falling into line behind Apple C) the public being largely ambivalent about the FBI's arguments and D) other past and present government officials publicly agreeing that watering down security might not be such a great idea in the current era of major IT security breakdowns.
The ferals thought the terrorism angle would cow everyone into rolling over and giving them an easy win. Obviously, they badly misplayed their hand, which was not that strong to begin with. Many have noted that the ferals had other options including getting out the local donut shops to find out if there was anything remotely useful on the phone. Plus, their own incompetence and bluff was called. Now, they have find a way out that at least sounds plausible.
"so many tinfoil hats needed lately."
1) No need for tinfoil. Call the hearing, FBI goes to court and states how it can magically now crack the phone while previously saying it couldn't.
2) Call the Israeli (other) company to court to confirm that it ONLY JUST NOW wrote software that could crack it, despite claiming it as a long standing capability of their software.
3) Hilarity ensues or false statement explained.
On the face of it an implausible false statement was made to the court, and so that needs to be investigated and closed up.
To lie to court is perjury even when the FBI does it.
Pffftt!!! Any tin horn at a Pwn2Own contest could have broken into that phone, The FBI was just on another intimidate the free people push! US LEOs do it all the time. It is getting boring now. Any time you have physical access to a device, you own it! I've read they screwed up when an FBI investigator decided to take the initiative and reset the phone - that makes the cloud drive just about impossible to get into after that! Stupid-stupid-keystone cops!
I think we can be guaranteed to be told that, once unlocked, the device was crammed full of evidence which will help the fight against terrorism. We won't be told what that evidence is - for national security reasons - but we can be sure it will presented to show that Feds were right to want to crack it open, and Apple endangered America in refusing to assist in that.
And we'll be told that whether they do unlock it or fail in that effort. There's a reason Israel and America are bestest friends forever.
Qty: 1
PN: UFED Touch by Cellebrite.
Status: Urgent
NOTE: Order under Acme Enterprises shell company (DON'T MENTION APPLE!!)
Once they've locked down the next iPhone / iOS, then gosh, Cellebrite is going to have to revise their software to rely on the next vulnerability. That's going to take all week...
Probably is that it cost the FBI some amount of $$ that they didn't want to pay, and also required an increment of time as well as physical access to the item in question.
ALL of these were bypassed in the court order fostered upon Apple.
So, in reality they wanted to do it on the cheap, and with little oversight, which they would need to pay someone to do the dirty deed.
Yes, the president would be set.
Yes, I'm sure President-Cum-Dictator Trump would indeed welcome the use of his SturmTrumpers to ride over any and all petty considerations of legality, liberty, and legislative legerdemain.
But I understand: the demon OttoKorrect changed precedent to president in your post. No worries, your point is valid.
Just couldn't resist a dig at the USA's current Idiot-In-The-Running.
I suppose the reasoning was that while they could hire a firm to do the best they could to crack the phone, they might also open up a legal precedent forcing mods to proprietary code. It could then be applied to other companies, including Microsoft, Google, Red Hat, etc.
Fail.
They already had access to that toolkit. Did you miss the link to the existing contract?
Aug 28, 2013 5:15 pm
The Federal Bureau of Investigation (FBI) intends to award, on a sole-source basis, a fixed price purchase order to Cellebrite USA, Inc. 266 Harristown Rd. Ste 105 Glen Rock, NJ 07452.
Cellebrite will provide two Cellebrite USA UFED Touch Ultimate Kits (Logical and Physical Mobile Forensic Solution) for use in Forensic casework.
Market research efforts have indicated that the Cellebrite UFED System is the only hand-held, cellular exploitation device worldwide that requires no PC or associated phone drivers. The system will quickly extract phonebook, pictures, videos, SMS messages, call histories, ESN/IMEI information, and deleted SMS/call histories off the SIM for rapid analysis. Cellebrite supports all major technologies (DMA, CDMA,GSM, IDEN) including, Smartphone operating systems and PDAs (Apple iPhone, Blackberry, Google Android, Microsoft Mobile, Palm and Symbian) for over 95% of all handset models worldwide....
Given this, it certainly does appear that the FBI was using this as a pretext to gain new powers. I'm no Apple fan, but I'm glad they stood up to the pressure.
FWIW, I actually do feel better that law enforcement can unlock encrypted devices in cases like this, where a judge on a non-secret court has reviewed the specific request and determined there is a lawful reason for doing so.
>Are you all feeling much safer now when you know that there is commercial entity that can unlock any iPhone without court order<
So, what you're saying is that, if you don't know about something, it doesn't exist?
Don't tell me, let me guess: you're one of those people who've never installed an antivirus/antimalware solution because your systems have never been compromised; never taken an HIV test because you've never had HIV.
>and that FBI now has access to that toolkit ?<
Gosh! You mean that the FBI never knew about Cellebrite until now? Or that Cellebrite would never have agreed to work with the FBI until they were certain that someone else /wouldn't/ work with the feds first?
I've got some natural news for you that I think you might find interesting. I don't know if it's true, because I haven't wasted any time investigating, but (apparently) if we all stopped vaccinating our kids then there'd be no need to vaccinate them in the first place.
Much safer? No. A little safer? Yes. The thing that worried me about the whole thing, is that if they could lean on Apple to help, it could become a routine procedure. "Hey Tim, we've got another cart of phones to unlock." Whereas I'm sure this Israeli forensic company's services don't come cheap, so they're not going to unlock every phone they get off somebody caught with an ounce of weed or whatever.
I have no problem with them bringing heavy hacking tools and extracting data from the phones of real terrorists like Syed. I just don't want it to be so easy they can do it for no good reason.
I wonder whether (whatever the actual outcome) the FBI will triumphantly announce their finding of (unspecified) incriminating data on the phone, just to justify their law suit.
I really can't see them going "ah, well actually there wasn't anything worth having on there, sorry to have bothered you..."
<quote>Terrism? Terrist? You got some kind of dog issue going on?</quote>
No, he is being paranoid, after all, the TLAs like to scour the internet for suspicious activity, and the correct use of the proper term might bring down the jack boots of law enforcement; in a bungled attempt to stave off the next world wide news item.
"the correct use of the proper term might bring down the jack boots of law enforcement"
That's not surprising. People with good language skills have often been considered a threat for the ruling elite. Pen being mightier than sword and all that.
Ref: Chinese Cultural Revolution, Soviet Union throughout its existence, various junta-style regimes.
Just goes to show that I was right all along: it doesn't matter how far-fetched/depraved/degenerate/whatever the idea, if you can think of it, someone else was already doing it before your grandparents were born.*
* I'm allowed a little 'poetic' leeway for technological advancement.
>something that would be triggered by the owner himself (warranty void, etc.) whenever physical access to the guts were to be sought?
Or link it to a heart-rate monitor app?
Whatever the case, Schneier's point has been demonstrated. It is almost impossible to reliably defend against terrorism because each attack is unique. Whether or not there is anything useful on that iphone, no terrorist will forget to wipe their phone before heading into a battle.
Methinks, however, that the FBI will continue to want the capability which no longer has any relevance to terrorism.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
