The FBI has now dropped its lawsuit against Apple because it has managed to crack the encryption on the iPhone of the San Bernardino gunman without Apple’s help. Clearly the Israeli company Cellebrite has succeeded where the FBI’s own experts had failed.
The question now becomes what Apple will do about this demonstrated vulnerability. Perhaps they have already eliminated the weakness in their new models after the iPhone 5S? Added to their latest fiasco with their OS 9.3 download, Apple “technology” is not riding very high right now.
Cellebrite, an Israeli mobile forensic software company, is reportedly helping the FBI get into Syed Farook’s device, according to reports from Reuters and Ynet.
The FBI “has been reportedly using the services of the Israeli-based company Cellebrite in its effort to break the protection on a terrorist’s locked iPhone, according to experts in the field familiar with the case,” Ynet reports. The Verge reached out to Cellebrite yesterday afternoon for comment and hasn’t yet heard back. ……. The company has a sole-source contract with the FBI that it signed in 2013 specifically to help with mobile forensics and data extraction, exactly the task presented by the San Bernardino case. …..
In its notice of intent to sole source, the FBI wrote: “Market research efforts have indicated that the Cellebrite UFED System is the only hand-held, cellular exploitation device worldwide that requires no PC or associated phone drivers.” It continued that the company supports “all major technologies (DMA, CDMA, GSM, IDEN) including smartphone operating systems and PDAs (Apple iPhone, Blackberry, Google Android, Microsoft Mobile, Palm, and Symbian) for over 95 percent of all handset models worldwide.”
………. experts speculate the attack is based on a NAND mirroring technique, which involves essentially copying the flash memory of the device so it can be restored after a lockscreen wipe. US Representative Darrell Issa directly asked FBI Director James Comey about the possibility of using this technique during a House Judiciary hearing last month. The bureau is now well aware of its existence, and there’s no reason to believe it won’t work on the iPhone 5C in question. Notably, this method will run into problems on phones with a Secure Enclave, ruling out any phones beyond the 5S.
Some of Cellebrite’s promotional material on their UFED:
With mountains of data being created via mobile device applications daily – Facebook, Twitter, Kik, Snapchat, etc. – forensic examiners need quick and efficient ways to tap into rapidly expanding data sources when a situation demands. Our UFED Pro Series is designed for forensic examiners and investigators who require the most comprehensive, up-to-date mobile data extraction and decoding support available to handle the influx of new data sources.
UFED Ultimate enables the physical, logical and file system extraction of all data and passwords – even deleted – from the widest range of mobile phones, portable GPS devices and tablets. The powerful combination of proprietary boot loaders, UFED Physical Analyzer, UFED Phone Detective and UFED Reader, enables advanced decoding, mobile phone detection, data analysis and reporting every time.