Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

M&A Tracker

Mobile Forensics Firm to Help FBI Hack Shooter’s iPhone

Israel-based mobile forensics firm Cellebrite is believed to be the mysterious “outside party” that might be able to help the FBI hack the iPhone belonging to the San Bernardino shooter.

Israel-based mobile forensics firm Cellebrite is believed to be the mysterious “outside party” that might be able to help the FBI hack the iPhone belonging to the San Bernardino shooter.

Israeli newspaper Yedioth Ahronoth broke the news, which appears to be confirmed by a $15,000 contract signed by the FBI with Cellebrite on March 21, the day when the agency announced that it may have found a way to crack Islamic Terrorist Syed Rizwan Farook’s iPhone without Apple’s help.

The FBI convinced a judge in mid-February to order Apple to create special software that would allow the law enforcement agency to brute-force the PIN on Farook’s iPhone 5C without the risk of destroying the data stored on it.

Apple, backed by several other technology giants, has been preparing to fight the order, which it believes would set a dangerous precedent.

Just as the US government and Apple were about to face each other in court, the FBI announced on Monday that it may no longer need Apple’s help in cracking the phone. Federal prosecutors later cancelled the hearing set for Tuesday, stating that the FBI will be aided by an unidentified “outside party.”

That “outside party” appears to be Cellebrite, which has been working with the FBI since 2013. The company’s website shows that it has assisted law enforcement investigations in several countries over the past period.

“Cellebrite mobile forensics solutions give access to and unlock the intelligence of mobile data sources to extend investigative capabilities, accelerate investigations, unify investigative teams and produce solid evidence,” the company writes on its official site.

Experts have suggested several methods that could be used to gain access to the data on the San Bernardino shooter’s iPhone, including ones involving acid and lasers, but they didn’t appear to be very practical.

Advertisement. Scroll to continue reading.

After the FBI announced that it might have found a practical alternative, iOS forensics expert Jonathan Zdziarski published a blog post describing some of the likely methods that might be used to accomplish the task.

The expert believes the technique that will be used has likely already been developed, as the FBI says it only needs two weeks to test the proposed method.

Zdziarski believes the company that will aid the FBI will either use a software exploit or a hardware technique known as NAND mirroring.

“This is where the NAND chip is typically desoldered, dumped into a file (likely by a chip reader/programmer, which is like a cd burner for chips), and then copied so that if the device begins to wipe or delay after five or ten tries, they can just re-write the original image back to the chip,” the researcher explained. “It’s possible they’ve also made hardware modifications to their test devices to add a socket, allowing them to quickly switch chips out, or that they’re using hardware to simulate this chip so that they don’t have to.”

“My gut still tells me this is likely a NAND hardware technique. A software exploit doesn’t scale well. I know this because my older forensics tools used them, and it required slightly different bundles for every hardware and firmware combination. Some also work against certain versions, but not against others,” he noted.

Zdziarski believes that if the technique already exists, it has likely been sold privately for well over $1 million.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Funding/M&A

Thirty-five cybersecurity-related M&A deals were announced in February 2023

Funding/M&A

Forty-one cybersecurity-related M&A deals were announced in March 2023.

Funding/M&A

Forty cybersecurity-related M&A deals were announced in January 2023.

Funding/M&A

Thirty-eight cybersecurity merger and acquisition (M&A) deals were announced in April 2023.

Funding/M&A

Cybersecurity vendors SentinelOne and BlackBerry have been separately named in public acquisition chatter with a surprise suitor emerging.

Funding/M&A

The private equity firm merges the newly acquired ForgeRock with Ping Identity, combining two of the biggest names in enterprise IAM market.

Funding/M&A

More than 450 cybersecurity-related mergers and acquisitions were announced in 2022, according to an analysis conducted by SecurityWeek

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...