A couple of days ago, we reported that a hearing which would deal with the legal dispute between Apple and the FBI had been postponed at the request of the FBI. The agency had learned of a new technique which they may be able to use to unlock the phone without Apple’s assistance and asked the court for time to test out the technique. The filing only said the technique was brought to the agency’s attention by an outside source, without mentioning who it was.
There was speculation that the FBI’s outside source might be the NSA or perhaps another government agency, but a report by an Israeli newspaper suggests that an Israeli digital forensics firm called Cellebrite is the FBI’s source. The article is somewhat speculative. It does lay out the company’s credentials as the world’s foremost digital forensics firm, and states that the company’s services are used by “Law enforcement, military, intelligence, security and government authorities in over 90 countries.” It also mentions that the company has contracts with the FBI going back to 2013. It appears the most recent contract between the FBI and Cellebrite was filed just days ago.
The big reason Cellebrite is suspected as a likely source is because the company offers tools for extracting data from phones. A brochure for the company’s UFED series of devices claims they can “Bypass user locks” on a wide range of mobile devices and “Decode rich sets of encrypted and non-encrypted data.” The company also has a page specifically discussing its ability to break into locked Apple devices.
However, the page only claims the ability to break into phones running iOS 8. The phone the FBI is trying to break into is running iOS 9. The company has shown no evidence that it can break into phones running iOS 9 nor even claimed that it could do so in any of its advertising material. However the main security feature on new phones is the secure enclave, which is a hardware feature not a software one. Even though the phone has been updated to iOS 9, it is an older model that lacks a secure enclave. Cellebrite may still be able to break in with the same technique they use on iOS 8, but its not entirely clear if that’s the case.
Further evidence has come up suggesting Cellebrite is the one assisting the FBI in breaking into the phone. It was discovered that the DEA requested a warrant to search a phone and specifically mentioned using “CellBrite” devices to break into the phone. Although the company’s name is not spelled correctly, it seems very likely it is referring to Cellebrite. This request by the DEA came weeks before the FBI sought a warrant compelling Apple’s assistance in this current case, claiming there was no other alternative to break into the phone.
The DEA apparently believed that devices sold by Cellebrite had the capability to break into iPhones. This makes the FBI’s claim that it had no recourse but to force Apple to assist seem a bit suspicious. Both the DEA and the FBI are agencies within the DOJ, and should have access to the same information about Cellebrite’s capabilities. So their different approaches in dealing with similar situations is puzzling.
So far Cellebrite has not commented on whether it was the source that informed the FBI of a technique to break into the phone. Likewise, the FBI has refused to reveal who its outside source is.
If the FBI decides to drop it legal fight against Apple, it will not have to reveal to Apple how it broke into the phone. However, if the agency continue with its case, it may have to reveal methods it knows of to break into the phone as part of the discovery process.
Do you think Cellebrite found a way to break into phones running iOS 9? Leave your comments below.